Login
- Table of Contents
-
- H3C S3600 Command Manual-Release 1602(V1.02)
- 00-1Cover
- 01-CLI Command
- 02-Login Command
- 03-Configuration File Management Command
- 04-VLAN Command
- 05-IP Address and Performance Command
- 06-Voice VLAN Command
- 07-GVRP Command
- 08-Port Basic Configuration Command
- 09-Link Aggregation Command
- 10-Port Isolation Command
- 11-Port Security-Port Binding Command
- 12-DLDP Command
- 13-MAC Address Table Management Command
- 14-Auto Detect Command
- 15-MSTP Command
- 16-Routing Protocol Command
- 17-Multicast Command
- 18-802.1x and System Guard Command
- 19-AAA Command
- 20-Web Authentication Command
- 21-MAC Address Authentication Command
- 22-VRRP Command
- 23-ARP Command
- 24-DHCP Command
- 25-ACL Command
- 26-QoS-QoS Profile Command
- 27-Web Cache Redirection Command
- 28-Mirroring Command
- 29-IRF Fabric Command
- 30-Cluster Command
- 31-PoE-PoE Profile Command
- 32-UDP Helper Command
- 33-SNMP-RMON Command
- 34-NTP Command
- 35-SSH Command
- 36-File System Management Command
- 37-FTP-SFTP-TFTP Command
- 38-Information Center Command
- 39-System Maintenance and Debugging Command
- 40-VLAN-VPN Command
- 41-HWPing Command
- 42-IPv6 Management Command
- 43-DNS Command
- 44-Smart Link-Monitor Link Command
- 45-Access Management Command
- 46-Appendix
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 40-VLAN-VPN Command | 99.31 KB |
1 VLAN-VPN Configuration Commands
VLAN-VPN Configuration Commands
2 Selective QinQ Configuration Commands
Selective QinQ Configuration Commands
3 BPDU Tunnel Configuration Commands
BPDU Tunnel Configuration Commands
VLAN-VPN Configuration Commands
display port vlan-vpn
Syntax
display port vlan-vpn
View
Any view
Parameters
None
Description
Use the display port vlan-vpn command to display the information about VLAN-VPN configuration of the current system.
Related commands: vlan-vpn enable, vlan-vpn inner-cos-trust, vlan-vpn tpid.
Examples
# Display the VLAN-VPN configuration of the current system.
<Sysname> display port vlan-vpn
Ethernet1/0/6
VLAN-VPN status: enabled
VLAN-VPN VLAN: 1
VLAN-VPN inner-cos-trust status: disable
VLAN-VPN TPID: 8100
Table 1-1 Description on the fields of the display port vlan-vpn command
|
Field |
Description |
|
Ethernet1/0/6 |
The port with the VLAN VPN feature enabled |
|
VLAN-VPN status |
The operation status of the VLAN VPN feature on the port enabled indicates that VLAN VPN is enabled on the port. You can use the vlan-vpn enable command to enable VLAN VPN on a port. |
|
VLAN-VPN VLAN |
The VLAN corresponding to the tag that the port tags packets with, that is, the default VLAN of the port. For descriptions on default VLAN, refer to VLAN Operation. |
|
VLAN-VPN inner-cos-trust |
The status of the inner-to-outer tag priority replicating feature, enable (enabled) or disable (disabled). You can use the vlan-vpn inner-cos-trust command to configure the feature. |
|
VLAN-VPN TPID |
TPID value of the port, which can be configured through the vlan-vpn tpid command. |
vlan-vpn enable
Syntax
vlan-vpn enable
undo vlan-vpn
View
Ethernet port view
Parameters
None
Description
Use the vlan-vpn enable command to enable the VLAN-VPN feature for a port.
Use the undo vlan-vpn command to disable the VLAN-VPN feature for a port.
By default, the VLAN-VPN feature is disabled.
With the VLAN-VPN feature enabled, a received packet is tagged with the default VLAN tag of the receiving port no matter whether or not the packet already carries a VLAN tag.
l If the packet already carries a VLAN tag, the packet becomes a dual-tagged packet.
l Otherwise, the packet becomes a packet carrying the default VLAN tag of the port.
If IRF fabric is enabled on a device, the VLAN-VPN feature cannot be enabled on any port of the device.
You can use the display port vlan-vpn command to display the configuration information of VLAN-VPN on the ports to verity your configuration.
After the VLAN-VPN function is enabled, you can use the vlan-vpn vid command and the raw-vlan-id inbound command to configure the selective QinQ function. Refer to Selective QinQ Configuration Commands for details.
Examples
# Enable the VLAN-VPN feature for Ethernet 1/0/1 port.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] vlan-vpn enable
vlan-vpn inner-cos-trust
Syntax
vlan-vpn inner-cos-trust enable
undo vlan-vpn inner-cos-trust
View
Parameters
None
Description
Use the vlan-vpn inner-cos-trust enable command to enable the inner-to-outer tag priority replicating feature.
With the feature enabled, a port replicates the inner tag priority to the outer tag when adding an outer tag for a packet.
Use the undo vlan-vpn inner-cos-trust command to disable the feature.
By default, the inner-to-outer tag priority replicating feature is disabled, and the switch will use the priority of the receiving port as the outer tag priority of packets. For descriptions on receiving port priority, refer to QoS-QoS Profile Operation.
Note that:
l This feature can be enabled only on VLAN-VPN-enabled ports.
l This command is mutually exclusive with the vlan-vpn priority command.
Examples
# Enable the inner-to-outer tag priority replicating feature for Ethernet 1/0/2.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/2
[Sysname-Ethernet1/0/2] vlan-vpn inner-cos-trust enable
vlan-vpn priority
Syntax
vlan-vpn priority inner-priority remark outer-priority
undo vlan-vpn priority inner-priority
View
Ethernet port view
Parameters
inner-priority: 802.1p priority of the inner VLAN tag in a packet. This argument can be in the range 0 to 7 or a keyword listed in Table 1-2.
outer-priority: Priority for the outer VLAN tag in a packet. This argument can be in the range 0 to 7 or a keyword listed Table 1-2.
Table 1-2 Description on 802.1p priority
|
IP Precedence (decimal) |
Keyword |
|
0 |
Best-effort |
|
1 |
Background |
|
2 |
Spare |
|
3 |
Excellent-effort |
|
4 |
Controlled-load |
|
5 |
Video |
|
6 |
Voice |
|
7 |
Network-management |
For descriptions on the 802.1p priority values and the keywords listed in Table 1-2, refer to Qos-QoS Profile Operation.
Description
Use the vlan-vpn priority command to configure the mapping between the inner VLAN priority and the outer VLAN priority. With the mapping configured, a port will encapsulate a packet with the specified inner tag priority with an outer tag that has the corresponding priority.
Use the undo vlan-vpn priority command to remove the configuration.
By default, no mapping between the inner tag priority and the outer tag priority is configured, and the switch uses the priority of the receiving port as the outer tag priority of packets. For descriptions on receiving port priority, refer to QoS-QoS Profile Operation.
Note that:
l This command is applicable to only the VLAN-VPN enabled ports.
l This command is mutually exclusive with the vlan-vpn inner-cos-trust command.
Examples
# Enable the inner-to-outer tag priority mapping feature for Ethernet 1/0/1. Insert outer tags with the priorities being 5 to packets with the priorities of their inner tags being 3.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] vlan-vpn priority 3 remark 5
vlan-vpn tpid
Syntax
vlan-vpn tpid value
undo vlan-vpn tpid
View
Ethernet port view
Parameters
value: User-defined TPID value (in hexadecimal format), in the range 0x0001 to 0xFFFF.
Description
Use the vlan-vpn tpid command to set the TPID value for a port. With the TPID value set on a port, the port fills the value to the TPID field of the outer tag to be added for a packet and, upon receiving a packet, compares the TPID value with the TPID field of the packet to determine whether the packet carries a VLAN tag or not.
Use the undo vlan-vpn tpid command to restore the default TPID value.
The default TPID value is 0x8100.
For the position and function of the TPID field in a packet, refer to VLAN Operation.
The TPID field in an Ethernet frame has the same position with the protocol type field in a frame without a VLAN tag. To prevent other devices in the network from recognizing the tag-encapsulated packets of the current switch as protocol packets, you are not allowed to set the TPID value to any of the values in the table below.
Table 1-3 Common Ethernet frame protocol type values
|
Protocol type |
Value |
|
ARP |
0x0806 |
|
IP |
0x0800 |
|
MPLS |
0x8847/0x8848 |
|
IPX |
0x8137 |
|
IS-IS |
0x8000 |
|
LACP |
0x8809 |
|
802.1x |
0x888E |
Besides the default TPID value, you can configure only one TPID value on an S3600 switch.
Examples
# Set the TPID value to 0x9100 for Ethernet 1/0/2 port.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/2
[Sysname-Ethernet1/0/2] vlan-vpn tpid 9100
The selective QinQ feature is new to H3C S3600 Series Ethernet Switches.
Selective QinQ Configuration Commands
mac-address-mapping
Syntax
mac-address-mapping index source-vlan source-vlan-list destination-vlan dest-vlan-id
undo mac-address-mapping { index | all }
View
Ethernet port view
Parameters
index: Index of the inter-VLAN MAC address replicating configuration to be created or removed. This argument is in the range 0 to 7.
source-vlan source-vlan-list: Specifies a list of the IDs of the VLANs, whose MAC address entries are to be replicated to the MAC address table of the destination VLAN. You need to provide the source-vlan-list argument in the form of { vlan-id [ to vlan-id ] }&<1-10>, where the VLAN ID after the to keyword must be larger than or equal to the VLAN ID before the to keyword and &<1-10> means that you can specify up to 10 VLANs/VLAN ranges for this argument.
dest-vlan-id: ID of the destination VLAN for replication, in the range 1 to 4094.
all: Removes all the inter-VLAN MAC address replicating configurations created on the current port.
Description
Use the mac-address-mapping command to configure the inter-VLAN MAC address replicating feature for a port. This feature can replicate MAC address entries of the MAC address tables of specified source VLANs to the MAC address table of the specified destination VLAN.
Use the undo mac-address-mapping command to disable this feature.
The inter-VLAN MAC address replicating feature is disabled on any port by default.
In a selective QinQ application, you can configure this feature to:
l Replicate MAC address entries in the MAC address tables of the outer VLANs configured in selective QinQ to the MAC address table of the default VLAN of the downlink port. This is for forwarding uplink packets to the operator network.
l Replicate MAC address entries in the MAC address table of the default VLAN of the downlink port to the MAC address tables of all the outer VLANs configured in selective QinQ. This is for forwarding packets from the operator network to the user networks.
VLAN 4093 is a special VLAN reserved for the IRF fabric feature. It can not serve as the destination VLAN of the inter-VLAN MAC address replicating feature to receive MAC address entries from the other VLANs.
Examples
# Enable the inter-VLAN MAC address replicating feature for Ethernet1/0/1 to replicate the MAC address entries between the MAC address table of VLAN 4 (the default VLAN) and that of the outer VLAN 10.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] mac-address-mapping 0 source-vlan 4 destination-vlan 10
[Sysname-Ethernet1/0/1] mac-address-mapping 1 source-vlan 10 destination-vlan 4
raw-vlan-id inbound
Syntax
raw-vlan-id inbound vlan-id-list
undo raw-vlan-id inbound { all | vlan-id-list }
View
QinQ view
Parameters
vlan-id-list: Lists of VLAN IDs. After receiving packets of these VLANs, the switch will encapsulate the packets with the specified outer VLAN tag. You need to provide this argument in the form of { vlan-id [ to vlan-id ] }&<1-10>, where the VLAN ID after the to keyword must be larger than or equal to the VLAN ID before the to keyword and &<1-10> means that you can specify up to 10 VLANs/VLAN ranges for this argument.
all: Removes all configurations of encapsulating an outer VLAN tag for specified inner VLANs in the current view.
Description
Use the raw-vlan-id inbound command to specify to encapsulate packets with the specified inner VLAN tags with the specified outer tag. This command must be configured on ports connecting the user network.
Use the undo raw-vlan-id inbound command to remove the configuration.
By default, the switch does not encapsulate packets with any outer VLAN tag.
A packet cannot be tagged with different outer VLAN tags. To change the outer VLAN tag of a packet, you need to remove the existing outer VLAN tag configuration and configure a new outer VLAN tag.
Before configuring this command in QinQ view, you need to use the vlan-vpn vid command to configure the outer VLAN tag to be used in the selective QinQ policy.
Related commands: vlan-vpn vid.
Examples
# Configure Ethernet 1/0/1 to add the tag of VLAN 20 as the outer tag to packets with their inner VLAN IDs being 8 through 15.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] vlan-vpn vid 20
[Sysname-Ethernet1/0/1-vid-20] raw-vlan-id inbound 8 to 15
vlan-vpn vid
Syntax
vlan-vpn vid vlan-id
undo vlan-vpn vid vlan-id
View
Ethernet port view
Parameters
vlan-id: VLAN ID, in the range 1 to 4094.
Description
Use the vlan-vpn vid command to configure the outer VLAN tag for a selective QinQ policy (that is, the outer VLAN tag to be used by a port to encapsulate received packets) and to enter QinQ view.
Use the undo vlan-vpn vid command to remove the configured outer VLAN tag. Note that this command will also remove all configurations configured by the raw-vlan-id inbound command in QinQ view.
Before configuring this command on a port, make sure that the vlan-vpn enable command is configured on the port.
If IRF fabric is enabled on a device, the selective QinQ policy cannot be configured on any port of the device.
By default, no selective QinQ policy is configured on a port.
After specifying an outer VLAN tag and enter QinQ view, you need to use the raw-vlan-id inbound command to specify which VLANs’ packets will be encapsulated with the specified outer VLAN tag. Otherwise, the configuration of the outer VLAN tag is of no use.
Related commands: raw-vlan-id inbound.
Examples
# Specify Ethernet 1/0/1 add VLAN 20 tag as the outer tag to the packets with their inner VLAN IDs being 2 through 14.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] vlan-vpn vid 20
[Sysname-Ethernet1/0/1-vid-20] raw-vlan-id inbound 2 to 14
Two features, the BPDU Tunnel support for packets of multiple protocols and adjusting tunnel packet MAC addresses, are newly added. For details, refer to bpdu-tunnel and bpdu-tunnel tunnel-dmac.
BPDU Tunnel Configuration Commands
bpdu-tunnel
Syntax
bpdu-tunnel protocol-type
undo bpdu-tunnel { protocol-type | all }
View
Ethernet port view
Parameters
protocol-type: Protocol type, packets of which will be transmitted through a BPDU tunnel, This argument can be a keyword listed in Table 3-1.
Table 3-1 Description on the protocol-name argument
|
Value |
Description |
|
cdp |
Enable/Disable BPDU tunnel for CISCO discovery protocol (CDP). |
|
hgmp |
Enable/Disable BPDU tunnel for Huawei group management protocol (HGMP) related protocols, including neighbor discovery protocol (NDP), neighbor topology discovery protocol, cluster member remote control (MRC), and Huawei authentication bypass protocol (HABP). |
|
lacp |
Enable/Disable BPDU tunnel for link aggregation control protocol (LACP). |
|
pagp |
Enable/Disable BPDU tunnel for port aggregation protocol (PAGP). |
|
pvst |
Enable/Disable BPDU tunnel for per-VLAN spanning tree (PVST). |
|
stp |
Enable/Disable BPDU tunnel for spanning tree protocol (STP). |
|
vtp |
Enable/Disable BPDU tunnel for VLAN trunk protocol (VTP). |
|
udld |
Enable/Disable BPDU tunnel for uni-directional link direction (UDLD). |
all: Disables BPDU tunnel for all protocol packets.
Description
Use the bpdu-tunnel command to enable BPDU tunnel on a port, so that packets of the specified protocol will be transparently transmitted through the BPDU tunnel on the port.
Use the undo bpdu-tunnel command to disable BPDU tunnel on a port.
By default, BPDU tunnel is disabled on a port.
After you enable a port to transmit packets of a specified protocol type through the BPDU tunnel, when the port receives such a packet, it will use the specified private multicast MAC address to replace the original destination MAC address of the packet before sending it. As a result, the packet will not be recognized as a protocol packet by other devices in the operator network during transmission. In this way, transparent transmission is implemented.
You can use the bpdu-tunnel tunnel-dmac command to change the destination MAC addresses of protocol packets to a specified multicast MAC address.
l If this command is enabled on a port for a specific protocol, the specific protocol cannot be enabled on the port. For example, if you have configured the bpdu-tunnel lacp command, the lacp enable command cannot be enabled on the port.
l The commands configured for service provider’s devices at both ends of a BPDU tunnel must be consistent. Otherwise, BPDU packets of the customer network cannot be transparently transmitted properly.
l If IRF fabric is enabled on one port of a device, the BPDU tunnel feature cannot be enabled on any port of the device.
Examples
# Enable BPDU tunnel for packets of LACP.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] bpdu-tunnel lacp
bpdu-tunnel tunnel-dmac
Syntax
bpdu-tunnel tunnel-dmac mac-address
undo bpdu-tunnel tunnel-dmac
View
System view
Parameters
mac-address: Destination MAC address to be assigned to the protocol packets transmitted along a BPDU tunnel. This argument must be a multicast MAC address.
Description
Use the bpdu-tunnel tunnel-dmac command to configure the destination MAC address for protocol packets transmitted along a BPDU tunnel.
Use the undo bpdu-tunnel tunnel-dmac command to restore the default destination MAC address.
By default, the destination MAC address for protocol packets transmitted along a BPDU tunnel is 010f-e200-0003.
l To prevent the devices in the service provider network from processing the tunnel packets as other protocol packets, the MAC address for tunnel packets must be a multicast address specially for BPDU tunnels in the service provider network.
l The destination MAC addresses configured at the two ends of a BPDU tunnel must be the same; otherwise, the protocol packets cannot be transmitted and forwarded normally.
Related commands: display bpdu-tunnel.
Examples
# Set the destination MAC address for protocol packets transmitted along BPDU tunnels to 010f-e266-c3ab.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] bpdu-tunnel tunnel-dmac 010f-e266-c3ab
display bpdu-tunnel
Syntax
display bpdu-tunnel
View
Any view
Parameters
None
Description
Use the display bpdu-tunnel command to display the private multicast MAC address configured for protocol packets transmitted along the BPDU tunnel(s).
Related commands: bpdu-tunnel tunnel-dmac.
Examples
# Display the private multicast MAC address configured for packets transmitted along the BPDU tunnel(s).
<Sysname> display bpdu-tunnel
Tunnel packet's destination-mac-address: 010f-e2cd-0003
The above output information indicates that all the protocol packets transmitted along the BPDU tunnel(s) use 010f-e2cd-0003 as their destination MAC addresses.
