If you configure the transmission rate for an Ethernet interface to be auto, then the rate will be automatically negotiated between peer Ethernet interfaces.

Follow these steps to make basic Ethernet interface configurations:

To do...	Use the command...	Remarks
Enter system view	system-view	—
Enter Ethernet interface view	interface interface-type interface-number	—
Configure the description for an Ethernet interface	description text	Optional By default, the descriptive string is the current interface name followed by “interface”.
Configure the duplex mode for an Ethernet interface	duplex { auto \| full \| half }	Optional auto by default.
Configure the transmission rate for an Ethernet interface	speed { 10 \| 100 \| 1000 \| auto }	Optional auto by default.
Disable the Ethernet interface	shutdown	Optional By default, the Ethernet interface is enabled.

& Note:

l For a double Combo port, after you have execute the undo shutdown command on the optical port, the electrical port will be disabled automatically and the optical port will be available, and vice versa.

l The Combo optical port does not support half duplex.

l The Combo optical port only supports speed 1000 and speed auto command.

l When the speed of one port is configured to 1000M, the port can not be configured to half duplex, and vice versa.

1.1.2 Combo Port Configuration

I. Introduction to Combo port

A Combo port refers to two Ethernet interfaces in a device panel (normally one is an optical port and the other is an electrical port). Inside the device there is only one forwarding interface. Combo port and its corresponding electrical port work in a TX/SFP mode. Users can choose one to use depending on the actual network requirements, but not two simultaneously. When one port is working, the other is disabled, and vice versa.

A Combo port is a logical port with two physical connections, one is called optical port, the other electrical port. The Combo port corresponds to a single forwarding port inside the device. Only one port can be active at a time. When one is active, the other will be automatically deactivated.

For ease of management, a Combo port can be categorized into one of the two following types:

l Single Combo port: the two Ethernet interfaces in the device panel correspond to only one interface view, in which the state on the two interfaces can be realized. A single Combo port can be a Layer 2 Ethernet interface or a Layer 3 Ethernet interface.

l Double Combo port: the two Ethernet interfaces in the device panel correspond to two interface views. The state switchover can be realized in user’s own interfaces view. A double Combo port can only be a layer 2 Ethernet interface.

& Note:

Currently, only S5510 Series Ethernet Switches support combo port, and only support Double Combo port.

II. Combo port and the corresponding Ethernet port (S5510 series switches)

Table 1-1 Combo ports and corresponding Ethernet ports

Switch type	Combo port	Corresponding Ethernet port
S5510-24P-AC/S5510-24P-DC	25	22
	26	24
	27	21
	28	23
S5510-24F-AC/S5510-24F-DC	25	22
	26	24
	27	21
	28	23

III. Configuring Combo port state

Follow these steps to configure the state for a double Combo port:

To do...	Use the command...	Remarks
Enter system view	system-view	—
Enter Ethernet interface view	interface interface-type interface-number	—
Enable a specified double Combo port	undo shutdown	Optional By default, out of the two ports in a Combo port, the one with a smaller port ID (namely, the electrical port) is enabled.

1.1.3 Configuring Flow Control on an Ethernet Interface

When flow control is turned on between peer Ethernet interfaces, if traffic congestion occurs at the ingress interface, it will send a Pause frame notifying the egress interface to temporarily suspend the sending of packets. The egress interface is expected to stop sending any new packets when it receives the Pause frame. In this way, flow controls helps to avoid the dropping of packets. Note that only after both the ingress and the egress interfaces have turned on their flow control will this be possible.

Follow these steps to configure flow control on an Ethernet interface:

To do...	Use the command...	Remarks
Enter system view	system-view	—
Enter Ethernet interface view	interface interface-type interface-number	—
Turn on flow control on an Ethernet interface	flow-control	Required Turned off by default

1.1.4 Configuring Loopback Testing on an Ethernet Interface

You can enable loopback testing to check whether the Ethernet interface functions properly. Note that no data packets can be forwarded during the testing. Loopback testing falls into the following two categories:

l Internal loopback testing: a loopback testing carried out within the device, if data packets sent from an Ethernet interface can be received by the same interface, the internal loopback testing is successful indicating that the interface is functioning properly.

l External loopback testing: a loopback plug needs to be plugged into an Ethernet interface, if data packets sent from the interface is received by the same interface through the loopback plug, the external loopback testing is successful indicating that the interface is functioning properly.

Follow the following steps to configure Ethernet interface loopback testing:

To do...	Use the command...	Remarks
Enter system view	system-view	—
Enter Ethernet interface view	interface interface-type interface-number	—
Configure to enable loopback testing	loopback { external \| internal }	Optional Disabled by default

& Note:

l The loopback testing is not available when the interface is in the shutdown state.

l The speed, duplex, mdi, and shutdown commands are not applicable during a loopback testing.

l With the loopback testing enabled, the Ethernet interface works in the full duplex mode. With the loopback testing enabled, the original configurations will be restored.

l Loopback testing is not supported on certain interfaces. Performing a loopback testing on these interfaces will trigger a system prompt indicating as such.

1.1.5 Configuring a Port Group

To make the configuration task easier for users, certain devices allow users to configure on a single port as well as on multiple ports in a port group. In port group view, the user only needs to input the configuration command once on one port and that configuration will apply to all ports in the port group. This effectively reduces redundant configurations.

A Port group could belong to one of the following two categories:

l Manual port group: manually created by users. Multiple Ethernet interfaces can be added to the same port group;

l Dynamic port group: dynamically created by system, currently mainly applied in link aggregation port groups. A link aggregation port group is automatically created together with the creation of a link aggregation group and cannot be created by users through command line input. Adding or deleting of ports in a link aggregation port group can only be achieved through operations on the link aggregation group.

Follow the following steps to enter port-group view:

To do...		Use the command...	Remarks
Enter system view		system-view	—
Enter port group view	Enter manual port group view	port-group manual port-group-name	—
Enter port group view	Enter aggregation port group view	port-group aggregation agg-id	—

Follow the following steps to configure manual port group:

To do...	Use the command...	Remarks
Enter system view	system-view	—
Create a manual port group, and enter manual port group view	port-group manual port-group-name	Required
Add an Ethernet interface to a specified manual port group	group-member interface-list	Required
Display information for a specified port group or all manual port groups	display port-group manual [all \| name port-group-name ]	Available in any view

& Note:

The manual port group will lost after the device reboot.

1.1.6 Configuring a Storm Suppression Ratio on an Ethernet Interface

You can use the following commands to suppress the broadcast traffic. The suppression ratio indicates the maximum broadcast traffic that is allowed to pass through an interface. When the broadcast traffic over the interface exceeds the threshold, the system will discard the extra packets so that the broadcast traffic ratio can drop below the limit to ensure that the network functions properly.

Follow these steps to configure a storm suppression ratio for an Ethernet interface

To do...		Use the command...	Remarks
Enter system view		system-view	—
Enter Ethernet interface view or port group view	Enter Ethernet interface view	interface interface-type interface-number	Use either command.
Enter Ethernet interface view or port group view	Enter port group view	port-group { manual port-group-name \| aggregation agg-id }	Use either command.
Configure broadcast storm suppression ratio		broadcast-suppression ratio	Optional By default, all broadcast traffic is allowed to pass through an interface, that is, broadcast traffic is not suppressed.

& Note:

l If you execute this command in Ethernet interface view, the configurations take effect only on the current interface. If you execute this command in port-group view, the configurations take effect on all ports in the port group.

l If an interface belongs to a port group and you set different suppression ratios in Ethernet interface view or port-group view for multiple times, the latest configuration takes effect.

1.1.7 Copying Interface Configurations

Using the copy configuration command you can easily copy configurations on the specified Ethernet interface to others Ethernet interfaces working in bridge mode.

Port configurations, GVRP configurations, STP configurations, port-isolate configurations, VLAN configurations, LACP configuration, QoS configurations, and QINQ configurations can all be copied.

l Port configurations, including link type of port, port rate, and duplex mode.

l GVRP configurations, including GVRP enabling/disabling, GVRP registration type, and Hold/Join/Leave timer length of a port.

l STP configurations, including STP enabling/disabling, link attributes (point-to-point or non-point-to-point), STP priority, path cost, rate limit, loop protection or not, root protection or not, and edge ports or not.

l Port-isolate configurations, including configurations of the isolated group which the port belongs to.

l VLAN configurations, including VLAN whose packets the port allows to pass and default VLAN ID.

l LACP configurations, including LACP enabling and disabling.

l QoS configurations, including rate limit, port priority, and default 802.1p priorities;

l QINQ configurations, including QINQ enabling/disabling, Ethernet protocol type, VLAN ID mapping, VLAN priority mapping, and BPDU TUNNEL configuration.

Follow these steps to copy configurations from the specified port to other ports:

To do...	Use the command...	Remarks
Enter system view	system-view	—
Copy configurations on the specified layer 2 Ethernet interface to other layer 2 Ethernet interfaces	copy configuration source interface-type interface-number destination interface-list	Required

& Note:

When you copy port-isolate configurations, make sure that the source and destination ports must not be uplink ports of the isolated group.

1.1.8 Enabling the Forwarding of Jumbo Frames

Due to tremendous amount of traffic occurring in Ethernet, it is likely that some frames might have a frame size greater than the standard Ethernet frame size. By allowing such frames (called jumbo frames) to pass through Ethernet interfaces, you can forward frames with a size greater than the standard Ethernet frame size and yet still within the specified parameter range.

Follow the following steps to enable the forwarding of jumbo frames

To do...	Use the command...	Remarks
Enter system view	system-view	—
Enable the forwarding of jumbo frames	jumboframe enable	Required By default, the device allows jumbo frames to pass through Ethernet interfaces. The length of jumbo frames is 1552 bytes for 100M port, and is 10240 bytes for 1000M port.

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enable the forwarding of jumbo frames

jumboframe enable

Required

By default, the device allows jumbo frames to pass through Ethernet interfaces.

The length of jumbo frames is 1552 bytes for 100M port, and is 10240 bytes for 1000M port.

1.1.9 Enabling Loopback Detection on an Ethernet Interface

The purpose of loopback detection is to detect loopbacks on an interface.

When loopback detection is enabled on an Ethernet interface, the device will routinely check whether the ports have any external loopback. If it detects a loopback on a port, the device will turn that port under loopback detection mode.

l If an Access port has been detected with loopbacks, it will be shutdown. A Trap message will be sent to the terminal and the corresponding MAC address forwarding entries will be deleted.

l If a Trunk port or Hybrid port has been detected with loopbacks, a Trunk message will be sent to the terminal. They will be shutdown if the loopback testing function is enabled on them. In addition, a Trap message will be sent to the terminal and the corresponding MAC address forwarding entries will be deleted.

Follow the following steps to configure loopback detection:

To do...	Use the command...	Remarks
Enter system view	system-view	—
Enable global loopback detection	loopback-detection enable	Required Disabled by default
Configure the time interval for port loopback detection	loopback-detection interval-time time	Optional Default to 30 seconds
Enter Ethernet interface view	interface interface-type interface-number	—
Enable loopback detection on a specified port	loopback-detection enable	Required Disabled by default
Enable loopback detection on a Trunk port or a Hybrid port	loopback-detection control enable	Optional Disabled by default
Enable loopback detection in all VLANs with Trunk ports or Hybrid ports	loopback-detection per-vlan enable	Optional Enabled only in the default VLAN(s) with Trunk port or Hybrid ports
Display loopback detection information on a port	display loopback-detection	Available in any view

Caution:

l Loopback detection on a given port is enabled only after the loopback-detection enable command has been issued in both system view and the interface view of the port.

l Loopback detection on all ports will be disabled after the issuing of the undo loopback-detection enable command under system view.

1.1.10 Configuring the Cable Type for an Ethernet Interface

Two types of Ethernet cables are available: crossover cable and straight-through cable. Crossover cables are used between terminal devices and network devices, while straight-through cables are used between terminal devices.

Follow these steps to configure the cable type for an Ethernet Interface:

To do...	Use the command...	Remarks
Enter system view	system-view	—
Enter Ethernet interface view	interface interface-type interface-number	—
Configure the cable type for an Ethernet interface	mdi { across \| auto \| normal }	Optional Defaults to auto, that is, system automatically detects the type of cable in use.

& Note:

l The mdi command is not supported in a Combo optical port.

l The GE port of S3610 Series Ethernet Switches only supports the mdi auto configuration.

1.1.11 Testing the Cable on an Ethernet Interface

Complete the following configurations to test the current working state of the cable on an Ethernet interface. The system will return the testing result within five seconds, indicating the receiving direction (RX), transmit direction (TX), any short-circuit or open circuit, and the length of the faulty cable.

To do...	Use the command...	Remarks
Enter system view	system-view	—
Enter Ethernet interface view	interface interface-type interface-number	—
Test the current working state of Ethernet interface cables	virtual-cable-test	Required

& Note:

l The virtual-cable-test command is not supported on a Combo optical port.

l When the cable is functioning properly, the cable length in the test result represents no meaning. When the cable is not functioning properly, the cable length in the test result represents the length from the current interface to the failed position.

l It is not recommended testing the cable on a 100M port when it under the shutdown condition, otherwise, the test will fail.

l For the 100M port, current device does not support getting the total cable length when the cable under normal status.

1.1.12 Configuring the Interval to Perform Statistical Analysis on Port Traffic

By performing the following configuration, you can set the interval to perform statistical analysis on the traffic of a port.

When you use the display interface interface-type interface-number command to display the information of a port, the system performs statistical analysis on the traffic flow passing through the port during the specified interval and displays the average rates in the interval. For example, if you set this interval to 100 seconds, the displayed information is as follows:

Last 100 seconds input: 0 packets/sec 0 bytes/sec

Last 100 seconds output: 0 packets/sec 0 bytes/sec

Set the interval to perform statistical analysis on port traffic

To do...	Use the command...	Remarks
Enter system view	system-view	—
Enter Ethernet port view	interface interface-type interface-number	—
Set the interval to perform statistical analysis on port traffic	flow-interval interval	Optional By default, this interval is 300 seconds.

1.2 Maintaining and Displaying an Ethernet Interface

To do...	Use the command...	Remarks
Display the current state of a specified interface and related information	display interface [ interface-type [ interface-number ] ]	Available in any view
Display a summary of a specified interface	display brief interface [ interface-type [ interface-number ] ] [ \| { begin \| include \| exclude} regular-expression ]	Available in any view
Reset the statistics of a specified interface	reset counters interface [ interface-type [ interface-number ] ]	Available in user view
Display the current ports of a specified type	display port { hybrid \| trunk }	Available in any view
Display information of combo port on the current device (only S5510 series Ethernet switches support combo port)	display port combo	Available in any view

Chapter 2 Link Aggregation Configuration

2.1 Link Aggregation Overview

Link aggregation allows you to increase bandwidth by distributing incoming/outgoing traffic on the member ports in an aggregation group. In addition, it provides reliable connectivity because these member ports can dynamically back up each other.

2.1.1 Consistency Considerations for Ports in an Aggregation

To participate in traffic sharing, member ports in an aggregation must use consistent configurations with respect to STP, QoS, VLAN, and port attribute, as shown in the following table.

Table 2-1 Consistency considerations for ports in an aggregation

Item	Considerations
STP	Enable/disable state of port-level STP Attribute of the link (point-to-point or otherwise) connected to the port STP priority Maximum transmission rate Enable/disable state of loop protection Enable/disable state of root protection Whether the port is an edge port
QoS	Traffic policing Traffic shaping Congestion avoidance Physical interface rate limiting Strict priority (SP) queuing Weighted round robin (WRR) queuing Port priority Port priority trust mode Policy setting on the port Flow template Hardware weighted fair queuing (HWFQ)
VLAN	VLANs carried on the port Default VLAN ID on the port Link type of the port, which can be trunk, hybrid, or access
GVRP	GVRP state on ports (enabled or disabled) GVRP registration type GARP timers
Q-in-Q	State of Q-in-Q (enabled or disabled) Added outer VLAN tag Mappings between outer VLAN tags and inner VLAN tag Policy of appending outer VLAN tag specific to inner VLAN IDs Substitution between inner VLAN IDs
BPDU tunnel	BPDU tunnel state on ports (enabled or disabled) BPDU tunnel state for STP on ports (enabled or disabled)
VLAN	VLANs carried on the port Default VLAN ID on the port Link type of the port, which can be trunk, hybrid, or access
Port attribute	Port rate Duplex mode Up/down state of the link Isolation group membership of the port
MAC address learning	Setting of maximum number of MAC addresses that can be learned on the port Forwarding of frames with unknown destination MAC addresses after the upper limit of the MAC address table is reached

2.1.2 LACP

The link aggregation control protocol (LACP), as defined in IEEE 802.3ad, dynamically aggregates ports and removes aggregations.

LACP interacts with its peer by sending link aggregation control protocol data units (LACPDUs).

After LACP is enabled on a port, the port sends an LACPDU to notify the remote system of its system LACP priority, system MAC address, port LACP priority, port number, and operational key. Upon receipt of an LACPDU, the remote system compares the received information with the information received on other ports to make aggregation decision. This allows the two systems to reach agreement on whether the port could join or leave a dynamic LACP aggregation group. (Sometimes, local and remote systems are referred to as actor and partner systems in link aggregation.)

When aggregating ports, link aggregation control automatically assigns each port an operational key based on its rate, duplex mode, and other basic configurations. In a dynamic LACP aggregation, all ports share the same operational key; in a manual or static LACP aggregation, the selected ports share the same operational key.

2.2 Approaches to Link Aggregation

& Note:

Throughout this manual, manual link aggregation group, static LACP link aggregation, and dynamic LACP link aggregation are referred to as manual aggregation, static aggregation, and dynamic aggregation if not stated otherwise.

2.2.1 Manual Link Aggregation

I. Overview

In the manual aggregation approach, aggregation groups are created administratively and automatic port adding/removal is not available.

On the ports in a manual aggregation, LACP is disabled and cannot be administratively enabled.

II. Port states in a manual aggregation

In a manual aggregation group, ports are either selected or unselected. Selected ports can receive and transmit data frames whereas unselected ones cannot. Among all selected ports, the one with the lowest port number is the master port and others are member ports.

When setting the state of ports in a manual aggregation group, the system:

l Select a port from the ports in up state (if any) as the master port, in the order of full duplex/high speed, full duplex/low speed, half duplex/high speed, and half duplex/low speed, with the full duplex/high speed being the most preferred. If two ports with the same duplex mode/speed pair are present, the one with the lower port number wins out. Then, place those ports in up state with the same speed/duplex pair, link state and basic configuration as the master port in selected state and all others in unselected state.

l When all ports in the group are down, select the port with the lowest port number as the master port and set all ports (including the master) in unselected state.

l Place the ports that cannot aggregate with the master in unselected state, for example, as the result of the cross-board aggregation restriction.

Manual aggregation limits the number of selected ports in an aggregation group. When the limit is exceeded, the system changes the state of selected ports with greater port numbers to unselected until the number of selected ports drops under the limit.

In addition, unless the master port should be selected, a port that joins the group after the limit is reached will not be placed in selected state even if it should be in normal cases. This is to prevent the ongoing service on selected ports from being interrupted. You need to avoid the situation however as the selected/unselected state of a port may become different after a reboot.

III. Port Configuration Considerations in manual aggregation

As mentioned above, in a manual aggregation group, only ports with configurations consistent with those of the master port can become selected. These configurations include port rate, duplex mode, link state and other basic configurations described in section “Consistency Considerations for Ports in an Aggregation.”

You need to maintain the basic configurations of these ports manually to ensure consistency. As one configuration change may involve multiple ports, this can become troublesome if you need to do that port by port. As a solution, you may add the ports into an aggregation port group where you can make configuration for all member ports.

When the configuration of some port in a manual aggregation group changes, the system does not remove the aggregation as it does in a dynamic aggregation group; instead, it re-sets the selected/unselected state of the member ports and re-selects a master port.

2.2.2 Static LACP link aggregation

I. Overview

In the static aggregation approach, aggregation groups are created administratively and the system cannot automatically add or remove ports.

On the ports in the group, LACP is enabled and cannot be administratively disabled. After the group is removed, all the member ports in up state form one or multiple dynamic aggregations with LACP enabled.

II. Port states in static aggregation

In a static aggregation group, ports can be selected or unselected, where both can receive and transmit LACPDUs but only selected ports can receive and transmit data frames. The selected port with the lowest port number is the master port and all others are member ports.

All member ports that cannot aggregate with the master are placed in unselected state. These ports include those using the basic configurations different from the master port or those located on a board different from the master port because of the cross-board aggregation restriction.

Member ports in up state can be selected if they have the configuration same as that of the master port. The number of selected ports however, is limited in a static aggregation group. When the limit is exceeded, the local and remote systems negotiate the state of their ports as follows:

1) Compare the actor and partner system IDs that each comprises a system LACP priority plus a system MAC address as follow:

l First compare the system LACP priorities. The system with lower system LACP priority wins out.

l If they are the same, compare the system MAC addresses. The system with the smaller ID has higher priority. (the lower the LACP priority, the smaller the MAC address, and the smaller the device ID)

2) Compare the port IDs that each comprises a port LACP priority and a port number on the system with higher ID as follows:

l Compare the port LACP priorities. The port with lower port LACP priority wins out.

l If two ports with the same port LACP priority are present, compare their port numbers. The state of the ports with lower IDs then change to selected and the state of the ports with higher IDs to unselected, so does the state of their corresponding remote ports. (the lower the LACP priority, the smaller the port number, and the smaller the port ID)

& Note:

The maximum number of selected ports in a static aggregation group varies by device.

III. Port configuration considerations in static aggregation

Like in a manual aggregation group, in a static LACP aggregation group, only ports with configurations consistent with those of the master port can become selected. These configurations include port rate, duplex mode, link state and other basic configurations described in section “Consistency Considerations for Ports in an Aggregation.”

When the configuration of some port in a static aggregation group changes, the system does not remove the aggregation as it does in a dynamic aggregation group; instead, it re-sets the selected/unselected state of the member ports and re-selects a master port.

2.2.3 Dynamic LACP link aggregation

I. Overview

In the dynamic aggregation approach, aggregation groups are created and removed automatically and you cannot add or remove member ports.

The ports in a dynamic aggregation group must terminate at the same device, and use the same speed/duplex pair and other basic configurations. Disabling LACP on one port can result in the removal of all ports from the group. It is possible for a single port to form a dynamic aggregation group. This is called single aggregation.

II. Port states in dynamic aggregation

In a dynamic aggregation group, ports can be selected or unselected, where both can receive and transmit LACPDUs but only selected ports can receive and transmit data frames. The selected port with the lowest port number is the master port and all others are member ports.

Dynamic aggregation limits the number of selected ports in an aggregation group. Under the limit, all ports in up state can be selected if their configurations are consistent with those of the master port. When the limit is exceeded, the local and remote systems negotiate the state of their ports as described in the previous section for static aggregation.

2.2.4 Load Sharing in a Link Aggregation Group

Link aggregation groups fall into two types: load sharing aggregation group and non-load-sharing aggregation group, depending on their support to load sharing.

l Link aggregation groups perform load sharing depending on availability of hardware resources. When hardware resources are available, link aggregation groups created containing at least two selected ports are load sharing aggregation groups; link aggregation groups created with only one selected port are load sharing aggregation groups.

l Link aggregation groups created after hardware resources become depleted are non-load-sharing ones.

Note the following:

1) A load sharing aggregation group still supports load sharing even if there is only one port in it.

2) A load sharing aggregation group has one or more selected ports, while a non-load-sharing aggregation group has no more than one selected port besides the unselected ones.

3) Currently, the number of load-sharing aggregation groups supported on a device is half of the number of ports on the device.

4) The system distributes load sharing resources among manual, static, and dynamic aggregation groups in the following precedence order:

l Static/manual aggregation groups take precedence over dynamic aggregation groups.

l For two aggregation groups of the same kind (static/manual or dynamic), the one with higher potential speed takes precedence over the other with lower potential speed.

l If the two aggregation groups have the same potential speed, the one with the smaller master port number takes precedence over the other one.

2.3 Service Loop Group

If a device that supports service board intermixing is present in a distributed system, you need to create service-loop ports to redirect services between these boards. Thus, when a service board receives traffic not intended for it, the board can redirect the traffic to the intended destination. To increase the throughput, you may create service-loop groups.

You can create a service-loop group by creating a manual aggregation group of service-loop ports first and then specifying which services can be redirected for the group. At present, you may specify to redirect four types of services, IPv6, IPv6mc (IPv6 multicast), tunnel, and MPLS, where the first three types can be specified for the same service-loop group.

& Note:

Current device only support Tunnel service.

Any two service-loop groups however, cannot support the same type of service. When changing the service type of a service-loop group, you must ensure that the desired one is not supported by any other service-loop groups. You may fail to change the service type if the involved service-loop group is referenced by a module or if the ports contained in the group are not compatible with the desired service type.

After creating a service-loop group, assign the ports that support its service type to the group considering the following:

l These ports can be configured only with the physical configuration such as speed and duplex mode, QoS, and ACL. Other conflicting configurations, such as STP cannot be configured.

l These ports must be placed in VLAN 1. After passing configuration conflict check, they are removed from VLAN 1.

After assigning a port to a service-loop group, you may configure it with other non-conflicting settings, such as QoS.

The ports in a service-loop group do not belong to any VLAN. After you remove one port from the group, you need to assign it to VLAN 1. If this group is performing load sharing, it continues to function this way even after all selected ports are removed but one to ensure ongoing service.

2.4 Aggregation Port Group

As mentioned earlier, in a manual or static aggregation group, a port can be selected only when its configuration is the same as that of the master port in terms of duplex/speed pair, link state, and other basic configurations. Their configuration consistency requires administrative maintenance, which is troublesome after you change some configuration.

To simplify configuration, port-groups are provided allowing you to configure for all ports in individual groups at one time. One example of port-groups is aggregation port group.

Upon creation or removal of a link aggregation group, an aggregation port-group which cannot be administratively created or removed is automatically created or removed. In addition, you can only assign/remove a member port to/from an aggregation port-group by assigning/removing it from the corresponding link aggregation group.

For more information about port-groups, refer to the 1.1.5 Configuring a Port Group part in this manual.

2.5 Configuring Link Aggregation

2.5.1 Configuring a Manual Link Aggregation Group

Follow these steps to configure a manual aggregation group:

To do…	Use the command…	Remarks
Enter system view	system-view	––
Create a manual aggregation group	link-aggregation group agg-id mode manual	Required
Enter Ethernet interface view	interface interface-type interface-number	––
Assign the Ethernet port to the aggregation group	port link-aggregation group agg-id	Required

Note that:

l You may create a manual aggregation group by changing the type of a static or dynamic aggregation group that has existed. If the specified group contains ports, its group type changes to manual with LACP disabled on its member ports; if not, its group type directly changes to manual.

l An aggregation group cannot include fabric ports, reflector ports in mirroring, ports with static MAC addresses or black hole MAC addresses, or 802.1x-enabled ports.

l Whether monitor ports in mirroring or a port with a MAC address learning limit can join an aggregation group depends on the model of your device.

l After you assign an LACP-enabled port to a manual aggregation group, its LACP will be disabled.

l You can remove all ports in a manual aggregation group by removing the group. If this group contains only one port, you can remove the port only by removing the group.

Note:

To guarantee a successful aggregation, ensure that the ports at the two ends of each link to be aggregated are consistent in selected/unselected state.

2.5.2 Configuring a Static LACP Link Aggregation Group

Follow these steps to configure a static aggregation group:

To do…	Use the command…	Remarks
Enter system view	system-view	––
Configure the system LACP priority	lacp system-priority system-priority-value	Optional 32768 by default
Create a static LACP aggregation group	link-aggregation group agg-id mode static	Required
Enter Ethernet interface view	interface interface-type interface-number	––
Assign the Ethernet port to the aggregation group	port link-aggregation group agg-id	Required
Configure the port LACP priority	lacp port-priority port-priority-value	Optional 32768 by default

Note that:

l You may create a static aggregation group by changing the type of an existing link aggregation group. If this group exists with ports, its type must be dynamic LACP; if not, its type can be manual or dynamic LACP. Creating a static aggregation group from a dynamic one does not affect the enabling state of LACP on the member ports.

l An aggregation group cannot include fabric ports, reflector ports in mirroring, ports with static MAC addresses, or 802.1x-enabled ports.

l Whether monitor ports in mirroring or a port with a MAC address learning limit can join an aggregation group depends on the model your device.

l After you assign an LACP-disabled port to a static aggregation group, its LACP will be enabled.

l After you remove a static LACP aggregation group, all its ports in up state form one or multiple dynamic LACP aggregations with LACP enabled. If this group contains only one port, you can remove the port only by removing the group.

& Note:

When making configuration, be aware that after a load-sharing aggregation group changes to a non-load-sharing group due to resources exhaustion, either of the following may happen:

l Forwarding anomaly resulted from inconsistency of the two ends in the number of selected ports.

l Some protocols such as GVRP malfunction because the state of the remote port connected to the master port is unselected.

2.5.3 Configuring a Dynamic LACP Link Aggregation Group

Follow these steps to configure a dynamic aggregation group:

To do…	Use the command…	Remarks
Enter system view	system-view	––
Configure the system LACP priority	lacp system-priority system-priority-value	Optional 32768 by default
Enter Ethernet interface view	interface interface-type interface-number	––
Enable LACP on the port	lacp enable	Required Disabled by default
Configure the port LACP priority	lacp port-priority port-priority-value	Optional 32768 by default

After you remove a dynamic aggregation group, all its member ports form a new dynamic aggregation group.

Caution:

l An aggregation group cannot include fabric ports, monitor ports in mirroring, ports with static MAC addresses, ports with static ARP enabled, or 802.1x-enabled ports.

l Enabling LACP on a member port in manual aggregation group will fail.

2.5.4 Configuring an Aggregation Group Name

Follow these steps to configure a name for an aggregation group:

To do…	Use the command…	Remarks
Enter system view	system-view	––
Configure a name for a link aggregation group	link-aggregation group agg-id description agg-name	Required None is configured by default.

To do…

Use the command…

Remarks

Enter system view

system-view

––

Configure a name for a link aggregation group

link-aggregation group agg-id description agg-name

Required

None is configured by default.

Caution:

l When configuring a name for a link aggregation group, make sure that the group has existed. You may check for existing link aggregation groups with the display link-aggregation summary command or the display link-aggregation interface command.

l The configuration of dynamic aggregation groups including their group names cannot survive a reboot even if you have saved configuration before that.

2.5.5 Configuring a Service Loop Group

Follow these steps to configure a service loop group:

To do…	Use the command…	Remarks
Enter system view	system-view	––
Create a manual aggregation group	link-aggregation group agg-id mode manual	Required
Specify services to be supported by the aggregation group	link-aggregation group agg-id service-type tunnel	Required
Enter Ethernet interface view	interface interface-type interface-number	––
Assign the Ethernet port to the aggregation group	port link-aggregation group agg-id	Required

2.5.6 Entering Aggregation Port Group View

In aggregation port group view, you can configure for all the member ports in a link aggregation group at one time.

Follow these steps to enter aggregation port group view:

To do…	Use the command…	Remarks
Enter system view	system-view	––
Enter aggregation port group view	port-group aggregation agg-id	––

Caution:

In aggregation port group view, you can configure aggregation related settings such as STP, VLAN, QoS, GVRP, Q-in-Q, BPDU tunnel, MAC address learning, but cannot add or remove member ports.

2.6 Displaying and Maintaining Link Aggregation

To do…	Use the command…	Remarks
Display the local system ID	display lacp system-id	Available in any view
Display detailed information on link aggregation for the specified port or ports	display link-aggregation interface interface-type interface-number [ to interface-type interface-number ]	Available in any view
Display information about the specified or all service loop groups	display link-aggregation service-type [ agg-id ]	Available in any view
Display summaries for all link aggregation groups	display link-aggregation summary
Display detailed information about specified or all link aggregation groups	display link-aggregation verbose [ agg-id ]
Clear the statistics about LACP for specified or all ports	reset lacp statistics [ interface interface-type interface-number [ to interface-type interface-number ] ]	Available in user view

2.7 Link Aggregation Configuration Example

I. Network requirements

Switch A aggregates ports Ethernet 1/0/1 through Ethernet 1/0/3 to form one link connected to Switch B, achieving load sharing among these ports.

Create an IPv6 service loop group and assign port Ethernet 1/0/1 to the group.

II. Network diagram

Figure 2-1 Network diagram for link aggregation

III. Configuration procedure

& Note:

This example only describes how to configure on Switch A. To achieve link aggregation, do the same on Switch B.

1) In manual aggregation approach

# Create manual aggregation group 1.

<Sysname> system-view

[Sysname] sysname SwitchA

[SwitchA] link-aggregation group 1 mode manual

# Assign ports Ethernet 1/0/1 through Ethernet 1/0/3 to the group.

[SwitchA] interface ethernet 1/0/1

[SwitchA-Ethernet1/0/1] port link-aggregation group 1

[SwitchA-Ethernet1/0/1] quit

[SwitchA] interface ethernet 1/0/2

[SwitchA-Ethernet1/0/2] port link-aggregation group 1

[SwitchA-Ethernet1/0/2] quit

[SwitchA] interface ethernet 1/0/3

[SwitchA-Ethernet1/0/3] port link-aggregation group 1

2) In static aggregation approach

# Create static aggregation group 1.

<SwitchA> system-view

[SwitchA] link-aggregation group 1 mode static

# Assign ports Ethernet 1/0/1 through Ethernet 1/0/3 to the group.

[SwitchA] interface ethernet 1/0/1

[SwitchA-Ethernet1/0/1] port link-aggregation group 1

[SwitchA-Ethernet1/0/1] quit

[SwitchA] interface ethernet 1/0/2

[SwitchA-Ethernet1/0/2] port link-aggregation group 1

[SwitchA-Ethernet1/0/2] quit

[SwitchA] interface ethernet 1/0/3

[SwitchA-Ethernet1/0/3] port link-aggregation group 1

3) In dynamic aggregation approach

# Enable LACP on ports Ethernet 1/0/1 through Ethernet 1/0/3.

<SwitchA> system-view

[SwitchA] interface ethernet 1/0/1

[SwitchA-Ethernet1/0/1] lacp enable

[SwitchA-Ethernet1/0/1] quit

[SwitchA] interface ethernet 1/0/2

[SwitchA-Ethernet1/0/2] lacp enable

[SwitchA-Ethernet1/0/2] quit

[SwitchA] interface ethernet 1/0/3

[SwitchA-Ethernet1/0/3] lacp enable

& Note:

The three ports can form one dynamic aggregation group only when they share the same basic configuration.

4) Configure a service loop group

# Create a manual aggregation group.

<Sysname> system-view

[Sysname] sysname SwitchA

[SwitchA] link-aggregation group 1 mode manual

# Specify this group to be an IPv6 service loop group.

[SwitchA] link-aggregation group 1 service-type ipv6

# Assign port Ethernet 1/0/1 to the service loop group.

[SwitchA] interface ethernet 1/0/1

[SwitchA-Ethernet1/0/1] port link-aggregation group 1

& Note:

Before assigning port Ethernet 1/0/1 to the service loop group, disable STP on it.

Chapter 3 Port Isolation Configuration

3.1 Introduction to Port Isolation

To implement Layer 2 isolation, you can add different ports to different VLANs. However, this will waste the limited VLAN resource. With port isolation, the ports can be isolated within the same VLAN. Thus, you need only to add the ports to the isolation group to implement Layer 2 isolation. This provides you with more secure and flexible networking schemes.

Note that:

l Current device supports only one isolation group that is created automatically by the system as Isolation Group 1. The user can neither delete the isolation group nor create other isolation groups.

l There is no restriction on the number of ports to be added to an isolation group.

& Note:

l When a port in the summary group is configured as the ordinary port for some isolation group, the other ports of the summary group can be added to the isolation group as ordinary ports but cannot be configured as uplink ports.

l When a port in the summary group is configured as the uplink port for some isolation group, the other ports of the summary group cannot be added to the isolation group and the other ports of the device cannot be added to the summary group.

l Port separation is only effective for Layer 2 data, please use local-proxy-arp enable command in VLAN interface view to implement port separation for Layer 3 data.

Port isolation is independent of the VLAN the port belongs to.

l For ports belong to different VLANs, layer 2 data can pass only from the ordinary port to the uplink port in the same isolation group unidirectionally.

l Within the same VLAN, the connectivity of layer 2 data between different types of ports is shown in Figure 3-1.

Figure 3-1 Connectivity of layer 2 data between ports inside and outside an isolation group

& Note:

The arrows in the above figure indicate the transmission direction of layer 2 data.

3.2 Configuring Isolation Groups on a Centralized Device

Follow these steps to configure an isolation group on a centralized device:

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enter Ethernet interface view or port group view	Enter Ethernet interface view	interface interface-type interface-number	One of them is required. Configured in Ethernet interface view, the setting is effective on the current port only; configured in port group view, the setting is effective on all ports in the port group.
Enter Ethernet interface view or port group view	Enter port group view	port-group { manual port-group-name \| aggregation agg-id }
Configure the specified port as an ordinary port of an isolation group		port-isolate enable	No ports are added to the isolation group by default.	One of them is required. Namely, a port is either an ordinary port or an uplink port of an isolation group.
Configure the specified port as an uplink port of the isolation group		port-isolate uplink-port	An isolation group has no uplink port by default. This configuration is available only in Ethernet interface view.

& Note:

When a user configures multiple ports as the uplink port, only the last one prevails.

3.3 Displaying and Maintaining Isolation Groups

Follow these steps to display and maintain an isolation group:

To do…	Use the command…	Remarks
Display an isolation group and its information (on a centralized device)	display port-isolate group	Available in any view

3.4 Port Isolation Configuration Example

I. Networking requirement

l Users PC1, PC2 and PC3 are connected to ports Ethernet1/0/2, Ethernet1/0/3 and Ethernet1/0/4 respectively;

l The device is connected to outer network through port Ethernet1/0/1;

l Ethernet1/0/2, Ethernet1/0/3, Ethernet1/0/4, and Ethernet1/0/1 belong to the same VLAN. PC1, PC2, and PC3 cannot communicate with one another, but they can access the Internet.

II. Networking diagram

Figure 3-2 Networking diagram for port isolation configuration on a distributed device

III. Configuration procedure

1) Configuration procedure on a centralized device

# Add ports Ethernet1/0/1, Ethernet1/0/2 and Ethernet1/0/3 to the isolation group.

<Sysname> system-view

[Sysname] interface Ethernet 1/0/2

[Sysname-Ethernet1/0/2] port-isolate enable

[Sysname-Ethernet1/0/2] quit

[Sysname] interface Ethernet 1/0/3

[Sysname-Ethernet1/0/3] port-isolate enable

[Sysname-Ethernet1/0/3] quit

[Sysname] interface Ethernet 1/0/4

[Sysname-Ethernet1/0/4] port-isolate enable

[Sysname-Ethernet1/0/4] quit

# Configure port Ethernet1/0/1 as the uplink port of the isolation group.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] port-isolate uplink-port

[Sysname-Ethernet1/0/1] return

# Display information of the isolation group.

<Sysname> display port-isolate group

Port-isolate group information:

Uplink port support: YES

Group ID: 1

Uplink port: Ethernet1/0/1

Ethernet1/0/2 Ethernet1/0/3 Ethernet1/0/4

H3C S3610[5510] Series Ethernet Switches Operation Manual-Release 0001-(V1.02)

Chapter 1 Ethernet Interface Configuration

1.1 General Ethernet Interface Configuration

I. Introduction to Combo port

III. Configuring Combo port state

1.1.5 Configuring a Port Group

1.1.6 Configuring a Storm Suppression Ratio on an Ethernet Interface

1.1.7 Copying Interface Configurations

1.1.8 Enabling the Forwarding of Jumbo Frames

1.1.9 Enabling Loopback Detection on an Ethernet Interface

1.1.10 Configuring the Cable Type for an Ethernet Interface

1.1.11 Testing the Cable on an Ethernet Interface

1.1.12 Configuring the Interval to Perform Statistical Analysis on Port Traffic

1.2 Maintaining and Displaying an Ethernet Interface

2.1 Link Aggregation Overview

2.1.1 Consistency Considerations for Ports in an Aggregation

2.1.2 LACP

2.2 Approaches to Link Aggregation

I. Overview

II. Port states in a manual aggregation

III. Port Configuration Considerations in manual aggregation

2.2.2 Static LACP link aggregation

I. Overview

II. Port states in static aggregation

III. Port configuration considerations in static aggregation

2.2.3 Dynamic LACP link aggregation

I. Overview

II. Port states in dynamic aggregation

2.2.4 Load Sharing in a Link Aggregation Group

2.3 Service Loop Group

2.4 Aggregation Port Group

2.5 Configuring Link Aggregation

2.5.1 Configuring a Manual Link Aggregation Group

2.5.2 Configuring a Static LACP Link Aggregation Group

2.5.3 Configuring a Dynamic LACP Link Aggregation Group

2.5.4 Configuring an Aggregation Group Name

2.5.5 Configuring a Service Loop Group

2.5.6 Entering Aggregation Port Group View

2.6 Displaying and Maintaining Link Aggregation

2.7 Link Aggregation Configuration Example

I. Network requirements

II. Network diagram

III. Configuration procedure

Chapter 3 Port Isolation Configuration

I. Networking requirement

II. Networking diagram

III. Configuration procedure

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us