- Table of Contents
-
- H3C S3100 Series Ethernet Switches Command Manual (For Soliton)(V1.02)
- 00-1Cover
- 01-CLI Commands
- 02-Login Commands
- 03-Configuration File Management Commands
- 04-VLAN Commands
- 05-Management VLAN Commands
- 06-IP Address-IP Performance Commands
- 07-Voice VLAN Commands
- 08-GVRP Commands
- 09-Port Basic Configuration Commands
- 10-Link Aggregation Commands
- 11-Port Isolation Commands
- 12-Port Security-Port Binding Commands
- 13-DLDP Commands
- 14-MAC Address Table Management Commands
- 15-MSTP Commands
- 16-Multicast Commands
- 17-802.1x-System Guard Commands
- 18-AAA Commands
- 19-MAC Address Authentication Commands
- 20-ARP Commands
- 21-DHCP Commands
- 22-ACL Commands
- 23-QoS-QoS Profile Commands
- 24-Mirroring Commands
- 25-Stack-Cluster Commands
- 26-SNMP-RMON Commands
- 27-NTP Commands
- 28-SSH Commands
- 29-File System Management Commands
- 30-FTP-SFTP-TFTP Commands
- 31-Information Center Commands
- 32-System Maintenance and Debugging Commands
- 33-VLAN-VPN Commands
- 34-HWPing Commands
- 35-IPv6 Management Commands
- 36-DNS Commands
- 37-Smart Link-Monitor Link Commands
- 38-Appendix
Title | Size | Download |
---|---|---|
33-VLAN-VPN Commands | 66.05 KB |
Chapter 1 VLAN-VPN Configuration Commands
1.1 VLAN-VPN Configuration Commands
Chapter 2 Selective QinQ Configuration Commands
2.1 Selective QinQ Configuration Commands
2.1.3 vlan-vpn selective enable
Chapter 3 VLAN Mapping Configuration Commands
3.1 VLAN Mapping Configuration Commands
Chapter 4 BPDU Tunnel Configuration Commands
4.1 BPDU Tunnel Configuration Commands
Chapter 1 VLAN-VPN Configuration Commands
1.1 VLAN-VPN Configuration Commands
1.1.1 display port vlan-vpn
Syntax
display port vlan-vpn
View
Any view
Parameters
None
Description
Use the display port vlan-vpn command to display the information about VLAN-VPN configuration of the current system.
Related commands: vlan-vpn enable, vlan-vpn inner-cos-trust, vlan-vpn tpid.
Examples
# Display the VLAN-VPN configuration of the current system.
<Sysname> display port vlan-vpn
VLAN-VPN TPID: 8200
Ethernet1/0/1
VLAN-VPN status: enabled
VLAN-VPN VLAN: 1
Ethernet1/0/5
VLAN-VPN status: enabled
VLAN-VPN VLAN: 1
Table 1-1 Description on the fields of the display port vlan-vpn command
Field |
Description |
VLAN-VPN TPID |
Global TPID value |
Ethernet1/0/1 |
The port with the VLAN VPN feature enabled |
VLAN-VPN status |
The operation status of the VLAN VPN feature on the port |
VLAN-VPN VLAN |
The VLAN corresponding to the tag that the port tags packets with, that is, the default VLAN of the port |
1.1.2 vlan-vpn enable
Syntax
vlan-vpn enable
undo vlan-vpn
View
Ethernet port view
Parameters
None
Description
Use the vlan-vpn enable command to enable the VLAN-VPN feature for a port.
Use the undo vlan-vpn command to disable the VLAN-VPN feature for a port.
By default, the VLAN-VPN feature is disabled.
With the VLAN-VPN feature enabled, a received packet is tagged with the default VLAN tag of the receiving port no matter whether or not the packet already carries a VLAN tag.
l If the packet already carries a VLAN tag, the packet becomes a dual-tagged packet.
l Otherwise, the packet becomes a packet carrying the default VLAN tag of the port.
You can use the display port vlan-vpn command to display the configuration information of VLAN-VPN on the ports to verity your configuration.
After the VLAN-VPN function is enabled, you can use the vlan-vpn vid command and the raw-vlan-id inbound command to configure the selective QinQ function. Refer to Selective QinQ Configuration Commands for details.
Examples
# Enable the VLAN-VPN feature for Ethernet 1/0/1 port.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] vlan-vpn enable
1.1.3 vlan-vpn tpid
Syntax
vlan-vpn tpid value
undo vlan-vpn tpid
View
System view
Parameters
value: User-defined TPID value (in hexadecimal format), in the range 0x0001 to 0xFFFF.
Description
Use the vlan-vpn tpid command to set the global TPID value. With the TPID value set , the port fills the value to the TPID field of the outer tag to be added for a packet and, upon receiving a packet, compares the TPID value with the TPID field of the packet to determine whether the packet carries a VLAN tag or not.
Use the undo vlan-vpn tpid command to restore the default TPID value.
The default TPID value is 0x8100.
For the position and function of the TPID field in a packet, refer to VLAN Operation.
The TPID field in an Ethernet frame has the same position with the protocol type field in a frame without a VLAN tag. To prevent other devices in the network from recognizing the tag-encapsulated packets of the current switch as protocol packets, you are not allowed to set the TPID value to any of the values in the table below.
Table 1-2 Common Ethernet frame protocol type values
Protocol type |
Value |
ARP |
0x0806 |
IP |
0x0800 |
MPLS |
0x8847/0x8848 |
IPX |
0x8137 |
IS-IS |
0x8000 |
LACP |
0x8809 |
802.1x |
0x888E |
Examples
# Set the global TPID value to 0x9100.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] vlan-vpn tpid 9100
Chapter 2 Selective QinQ Configuration Commands
2.1 Selective QinQ Configuration Commands
2.1.1 raw-vlan-id inbound
Syntax
raw-vlan-id inbound vlan-id-list
undo raw-vlan-id inbound { all | vlan-id-list }
View
QinQ view
Parameters
vlan-id-list: Lists of VLAN IDs. After receiving packets of these VLANs, the switch will encapsulate the packets with the specified outer VLAN tag. You need to provide this argument in the form of { vlan-id [ to vlan-id ] }&<1-10>, where the VLAN ID after the to keyword must be larger than or equal to the VLAN ID before the to keyword and &<1-10> means that you can specify up to 10 VLANs/VLAN ranges for this argument.
all: Removes all configurations of encapsulating an outer VLAN tag for specified inner VLANs in the current view.
Description
Use the raw-vlan-id inbound command to specify to encapsulate packets with the specified inner VLAN tags with the specified outer tag. This command must be configured on ports connecting the user network.
Use the undo raw-vlan-id inbound command to remove the configuration.
By default, the switch does not encapsulate packets with any outer VLAN tag.
Caution:
A packet cannot be tagged with different outer VLAN tags. To change the outer VLAN tag of a packet, you need to remove the existing outer VLAN tag configuration and configure a new outer VLAN tag.
Before configuring this command in QinQ view, you need to use the vlan-vpn vid command to configure the outer VLAN tag to be used in the selective QinQ policy.
Related commands: vlan-vpn vid.
Examples
# Configure Switch to add the tag of VLAN 20 as the outer tag to packets with their inner VLAN IDs being 8 through 15.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] vlan-vpn vid 20
[Sysname-vid-20] raw-vlan-id inbound 8 to 15
2.1.2 vlan-vpn vid
Syntax
vlan-vpn vid vlan-id
undo vlan-vpn vid vlan-id
View
System view
Parameters
vlan-id: VLAN ID, in the range 1 to 4094.
Description
Use the vlan-vpn vid command to configure the outer VLAN tag for a selective QinQ policy (that is, the outer VLAN tag to be used by a port to encapsulate received packets) and to enter QinQ view.
Use the undo vlan-vpn vid command to remove the configured outer VLAN tag. Note that this command will also remove all configurations configured by the raw-vlan-id inbound command in QinQ view.
By default, no selective QinQ policy is configured on a port.
After specifying an outer VLAN tag and enter QinQ view, you need to use the raw-vlan-id inbound command to specify which VLANs’ packets will be encapsulated with the specified outer VLAN tag. Otherwise, the configuration of the outer VLAN tag is of no use.
Related commands: raw-vlan-id inbound.
Examples
# Specify to add VLAN 20 tag as the outer tags to the packets with their inner VLAN IDs being 2 through 14.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] vlan-vpn vid 20
[Sysname-vid-20] raw-vlan-id inbound 2 to 14
2.1.3 vlan-vpn selective enable
Syntax
vlan-vpn selective enable
undo vlan-vpn selective enable
View
Ethernet port view
Parameter
None
Description
Use the vlan-vpn selective enable command to enable the selective QinQ feature on a port. With the selective QinQ feature enabled, packets carrying specific inner VLAN tags are tagged with specific outer VLAN tags according to the VLAN tag mapping rules defined.
Use the undo vlan-vpn selective enable command to disable the selective QinQ feature.
By default, the selective QinQ feature is disabled on a port.
Related commands: vlan-vpn vid, raw-vlan-id inbound.
Example
# Enable the selective QinQ feature on Ethernet 1/0/1.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] vlan-vpn selective enable
Chapter 3 VLAN Mapping Configuration Commands
3.1 VLAN Mapping Configuration Commands
3.1.1 vlan-mapping
Syntax
vlan-mapping vlan old-vlan-id remark new-vlan-id
undo vlan-mapping vlan old-vlan-id
View
System view, Ethernet port view
Parameter
vlan old-vlan-id: Specifies the source VLAN ID for VLAN mapping. The old-vlan-id argument is in the range of 1 to 4094.
remark new-vlan-id: Specifies the target VLAN ID for VLAN mapping. The new-vlan-id argument is in the range of 1 to 4094.
Description
Use the vlan-mapping command in system view to define a global VLAN mapping rule. A VLAN mapping rule maps the VLAN tag of a specific VLAN carried in packets to another one.
Use the vlan-mapping command in Ethernet port view to define a VLAN mapping rule for the current port and enable the VLAN mapping function for the port.
Use the undo vlan-mapping command in system view to invalidate a VLAN mapping rule.
Use the undo vlan-mapping command in Ethernet port view to invalidate a VLAN mapping rule and disable the VLAN mapping function on the current port.
By default, no global VLAN mapping rule or port-level VLAN mapping rule is defined.
& Note:
l A port that is in a link aggregation port group cannot have the VLAN Mapping feature enabled.
l The VLAN mapping function and the protocol-based VLAN function are mutually exclusive on the same port.
l To modify a VLAN mapping relationship, you need to delete the corresponding VLAN mapping rule and then define a new one.
l With a global VLAN mapping rule defined in system view, you cannot define any VLAN mapping rules in Ethernet port view.
Related commands: vlan-mapping enable.
Example
# Define a VLAN mapping rule on Ethernet 1/0/1 to map VLAN 100 to VLAN 200.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1]vlan-mapping vlan 100 remark 200
3.1.2 vlan-mapping enable
Syntax
vlan-mapping enable
undo vlan-mapping enable
View
Ethernet port view
Parameter
None
Description
Use the vlan-mapping enable command to enable the VLAN mapping function on a port based on global VLAN mapping rules.
Use the undo vlan-mapping enable command to disable the VLAN mapping function on a port.
By default, the VLAN mapping function is disabled.
& Note:
l A port that is in a link aggregation port group cannot have the VLAN Mapping feature enabled.
l With port-based VLAN mapping rules configured for a port, the VLAN mapping function is enabled on the port at the same time. In this case, the vlan-mapping enable command cannot be used to enable the VLAN mapping function again.
l The VLAN mapping function and the protocol-based VLAN function are mutually exclusive on the same port.
Related command: vlan-mapping.
Example
# Enable the VLAN mapping function on Ethernet 1/0/1.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] vlan-mapping enable
Chapter 4 BPDU Tunnel Configuration Commands
4.1 BPDU Tunnel Configuration Commands
4.1.1 bpdu-tunnel
Syntax
bpdu-tunnel protocol-type
undo bpdu-tunnel { protocol-type | all }
View
Ethernet port view
Parameters
protocol-type: Protocol type, packets of which will be transmitted through a BPDU tunnel, This argument can be a keyword listed in Table 4-1.
Table 4-1 Description on the protocol-name argument
Value |
Description |
cdp |
Enable/Disable BPDU tunnel for CISCO discovery protocol (CDP). |
hgmp |
Enable/Disable BPDU tunnel for Huawei group management protocol (HGMP) related protocols, including neighbor discovery protocol (NDP), neighbor topology discovery protocol, cluster member remote control (MRC), and Huawei authentication bypass protocol (HABP). |
lacp |
Enable/Disable BPDU tunnel for link aggregation control protocol (LACP). |
pagp |
Enable/Disable BPDU tunnel for port aggregation protocol (PAGP). |
pvst |
Enable/Disable BPDU tunnel for per-VLAN spanning tree (PVST). |
stp |
Enable/Disable BPDU tunnel for spanning tree protocol (STP). |
vtp |
Enable/Disable BPDU tunnel for VLAN trunk protocol (VTP). |
udld |
Enable/Disable BPDU tunnel for uni-directional link direction (UDLD). |
all: Disables BPDU tunnel for all protocol packets.
Description
Use the bpdu-tunnel command to enable BPDU tunnel on a port, so that packets of the specified protocol will be transparently transmitted through the BPDU tunnel on the port.
Use the undo bpdu-tunnel command to disable BPDU tunnel on a port.
By default, BPDU tunnel is disabled on a port.
After you enable a port to transmit packets of a specified protocol type through the BPDU tunnel, when the port receives such a packet, it will use the specified private multicast MAC address to replace the original destination MAC address of the packet before sending it. As a result, the packet will not be recognized as a protocol packet by other devices in the operator network during transmission. In this way, transparent transmission is implemented.
You can use the bpdu-tunnel tunnel-dmac command to change the destination MAC addresses of protocol packets to a specified multicast MAC address.
Caution:
l If this command is enabled on a port for a specific protocol, the specific protocol cannot be enabled on the port. For example, if you have configured the bpdu-tunnel lacp command, the lacp enable command cannot be enabled on the port.
l The commands configured for service provider’s devices at both ends of a BPDU tunnel must be consistent. Otherwise, BPDU packets of the customer network cannot be transparently transmitted properly.
Examples
# Enable BPDU tunnel for packets of LACP.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] bpdu-tunnel lacp
4.1.2 bpdu-tunnel tunnel-dmac
Syntax
bpdu-tunnel tunnel-dmac mac-address
undo bpdu-tunnel tunnel-dmac
View
System view
Parameters
mac-address: Destination MAC address to be assigned to the protocol packets transmitted along a BPDU tunnel. This argument must be a multicast MAC address.
Description
Use the bpdu-tunnel tunnel-dmac command to configure the destination MAC address for protocol packets transmitted along a BPDU tunnel.
Use the undo bpdu-tunnel tunnel-dmac command to restore the default destination MAC address.
By default, the destination MAC address for protocol packets transmitted along a BPDU tunnel is 010f-e200-0003.
Caution:
l To prevent the devices in the service provider network from processing the tunnel packets as other protocol packets, the MAC address for tunnel packets must be a multicast address specially for BPDU tunnels in the service provider network.
l The destination MAC addresses configured at the two ends of a BPDU tunnel must be the same; otherwise, the protocol packets cannot be transmitted and forwarded normally.
Related commands: display bpdu-tunnel.
Examples
# Set the destination MAC address for protocol packets transmitted along BPDU tunnels to 010f-e266-c3ab.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] bpdu-tunnel tunnel-dmac 010f-e266-c3ab
4.1.3 display bpdu-tunnel
Syntax
display bpdu-tunnel
View
Any view
Parameters
None
Description
Use the display bpdu-tunnel command to display the private multicast MAC address configured for protocol packets transmitted along the BPDU tunnel(s).
Related commands: bpdu-tunnel tunnel-dmac.
Examples
# Display the private multicast MAC address configured for packets transmitted along the BPDU tunnel(s).
<Sysname> display bpdu-tunnel
Tunnel packet's destination-mac-address: 010f-e2cd-0003
The above output information indicates that all the protocol packets transmitted along the BPDU tunnel(s) use 010f-e2cd-0003 as their destination MAC addresses.