Title | Size | Downloads |
---|---|---|
02-VLAN Configuration.pdf | 430.21 KB |
1.2 Configuring Basic VLAN Attributes
1.3 Configuring Basic VLAN Interface Attributes
1.4 Configuring Port-Based VLAN
1.4.1 Introduction to Port-Based VLAN
1.4.2 Configuring an Access-Port-Based VLAN
1.4.3 Configuring a Trunk-Port-Based VLAN
1.4.4 Configuring a Hybrid-Port-Based VLAN
1.5 Configuring Protocol-Based VLAN
1.5.1 Introduction to Protocol-Based VLAN
1.5.2 Configuring a Protocol-Based VLAN
1.6 Configuring IP-Subnet-Based VLAN
1.6.2 Configuring an IP-Subnet-Based VLAN
1.7 Displaying and Maintaining VLAN
1.8 VLAN Configuration Example
Chapter 2 Isolate-User-VLAN Configuration
2.1 Introduction to Isolate-User-VLAN
2.2 Configuring Isolate-User-VLAN
2.3 Displaying and Maintaining Isolate-User-VLAN
2.4 Isolate-User-VLAN Configuration Example
Chapter 3 Voice VLAN Configuration
3.1 Introduction to Voice VLAN
3.1.1 Working Modes of Voice VLAN
3.1.2 Security Mode and Normal Mode of Voice VLAN
3.2.1 Configuration Prerequisites
3.2.2 Configuring a Voice VLAN under Automatic Mode
3.2.3 Configuring a Voice VLAN under Manual Mode
3.3 Displaying and Maintaining Voice VLAN
3.4 Voice VLAN Configuration Examples
3.4.1 A Configuration Example of the Voice VLAN under Automatic Mode
3.4.2 A Configuration Example of Voice VLAN under Manual Mode
4.3 Displaying and Maintaining GVRP
4.4 GVRP Configuration Examples
4.4.1 GVRP Configuration Example I
4.4.2 GVRP Configuration Example II
4.4.3 GVRP Configuration Example III
Chapter 1 VLAN Configuration
When configuring VLAN, go to these sections for information you are interested in:
- Configuring Basic VLAN Attributes
- Configuring Basic VLAN Interface Attributes
- Configuring Protocol-Based VLAN
- Configuring IP-Subnet-Based VLAN
- Displaying and Maintaining VLAN
1.1 Introduction to VLAN
1.1.1 VLAN Overview
Ethernet is a network technology based on the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) mechanism. As the medium is shared in an Ethernet, network performance may degrade as the number of hosts on the network increases. If the number of hosts in the network reaches a certain level, problems caused by collisions, broadcasts, and so on emerge, which may cause the network to operate improperly. In addition to suppressing collisions (which can also be achieved by interconnecting LANs), virtual LAN (VLAN) technology can also isolate broadcast packets. A VLAN divides a LAN into multiple logical LANs, each being a broadcast domain. Hosts in the same VLAN can communicate with each other as in a LAN. However, hosts from different VLANs cannot communicate directly. In this way, broadcast packets are confined to a single VLAN, as illustrated in the following figure.
Figure 1-1 A VLAN diagram
A VLAN is not restricted by physical factors. That is, hosts that reside in different network segments may belong to the same VLAN, and users in a VLAN can be connected to the same switch or span multiple switches or routers.
VLAN technology has the following advantages:
1) Broadcast traffic is confined to each VLAN, reducing bandwidth utilization and improving network performance.
2) LAN security is improved. Packets in different VLANs cannot communicate with each other directly. That is, users in a VLAN cannot interact directly with users in other VLANs, unless routers or Layer 3 switches are used.
3) A more flexible way to establish virtual working groups. With VLAN technology, clients can be allocated to different working groups, and users from the same group do not have to be within the same physical area, making network construction and maintenance much easier and more flexible.
1.1.2 VLAN Fundamental
To enable packets to be distinguished by the VLANs they belong to, a field used to identify VLANs is added to packets. As common switches operate on the data link layer of the OSI model, they only process Layer 2 encapsulation information, and the field thus needs to be inserted into the Layer 2 encapsulation information of packets.
The format of the packets carrying the fields identifying VLANs is defined in IEEE 802.1Q, which was issued in 1999.
In the header of a traditional Ethernet packet, the field following the destination MAC address and the source MAC address is protocol type, which indicates the upper layer protocol type. Figure 1-2 illustrates the format of a traditional Ethernet packet, where DA stands for destination MAC address, SA stands for source MAC address, and Type stands for upper layer protocol type.
Figure 1-2 The format of a traditional Ethernet packet
IEEE 802.1Q defines a four-byte VLAN Tag field between the DA&SA field and the Type field to carry VLAN-related information, as shown in Figure 1-3.
Figure 1-3 The position and the format of the VLAN Tag field
The VLAN Tag field comprises four sub-fields: the tag protocol identifier (TPID) field, the Priority field, the canonical format indicator (CFI) field, and the VLAN ID field.
- The TPID field, 16 bits in length and with a value of 0x8100, indicates that a packet carries a VLAN tag with it.
- The Priority field, three bits in length, indicates the 802.1p priority of a packet. For information about packet priority, refer to QoS Configuration.
- The CFI field, one bit in length, specifies whether or not the MAC addresses are encapsulated in standard format when packets are transmitted across different media. With the field set to 0, MAC addresses are encapsulated in standard format; with the field set to 1, MAC addresses are encapsulated in non-standard format. The field is 0 by default.
- The VLAN ID field, 12 bits in length and with its value ranging from 0 to 4095, identifies the ID of the VLAN a packet belongs to. As VLAN IDs of 0 and 4095 are reserved by the protocol, the actual value of this field ranges from 1 to 4094.
A network device determines the VLAN to which a packet belongs by the VLAN ID field the packet carries. The VLAN Tag determines the way a packet is processed. For more information, refer to Introduction to Port-Based VLAN.
Note:
The frame format mentioned here is that of Ethernet II. Besides Ethernet II encapsulation, other types of encapsulation, including 802.2 LLC, 802.2 SNAP, and 802.3 raw are also supported. The VLAN tag fields are also added to packets adopting these encapsulation formats for VLAN identification.
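The tag layout described above can be checked against captured frames with a short parser. The following is an added example, not code from the original manual; the sample frame and the function names are constructed for illustration, and it handles Ethernet II encapsulation only.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

TPID_8021Q = 0x8100        # TPID value stated in the text
RESERVED_VIDS = (0, 4095)  # reserved by the protocol, per the text


@dataclass
class VlanTag:
    priority: int  # 3-bit 802.1p priority
    cfi: int       # 1-bit canonical format indicator
    vlan_id: int   # 12-bit VLAN ID


@dataclass
class Frame:
    da: str
    sa: str
    tag: Optional[VlanTag]  # None for a traditional (untagged) frame
    eth_type: int
    payload: bytes


def _mac(raw: bytes) -> str:
    """Format six bytes the way the switch prints them, e.g. 0000-fc00-6504."""
    return "-".join(raw[i:i + 2].hex() for i in (0, 2, 4))


def parse_frame(raw: bytes) -> Frame:
    """Split an Ethernet II frame into DA, SA, optional VLAN tag, Type, payload."""
    if len(raw) < 14:
        raise ValueError("frame is shorter than DA + SA + Type")
    (first,) = struct.unpack_from("!H", raw, 12)
    if first != TPID_8021Q:
        return Frame(_mac(raw[0:6]), _mac(raw[6:12]), None, first, raw[14:])
    if len(raw) < 18:
        raise ValueError("TPID present but the tag or the Type field is truncated")
    tci, eth_type = struct.unpack_from("!HH", raw, 14)
    tag = VlanTag(priority=tci >> 13, cfi=(tci >> 12) & 0x1, vlan_id=tci & 0x0FFF)
    return Frame(_mac(raw[0:6]), _mac(raw[6:12]), tag, eth_type, raw[18:])


def insert_tag(raw: bytes, vlan_id: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert a VLAN Tag between the DA&SA field and the Type field."""
    if not 0 <= vlan_id <= 0x0FFF or not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("field value does not fit its bit width")
    tci = (priority << 13) | (cfi << 12) | vlan_id
    return raw[:12] + struct.pack("!HH", TPID_8021Q, tci) + raw[12:]


def tag_findings(frame: Frame) -> List[str]:
    """Report tag values that the text says are not used for normal traffic."""
    if frame.tag is None:
        return []
    out = []
    if frame.tag.vlan_id in RESERVED_VIDS:
        out.append(f"VLAN ID {frame.tag.vlan_id} is reserved")
    if frame.tag.cfi != 0:
        out.append("CFI is 1 (non-standard MAC encapsulation)")
    return out


# Constructed sample: an untagged IPv4 frame (Type 0x0800) with a dummy payload.
UNTAGGED = bytes.fromhex("0000fc006504" "0000fc006505" "0800") + b"\x45\x00"

if __name__ == "__main__":
    tagged = insert_tag(UNTAGGED, vlan_id=100, priority=5)
    print(tagged[12:16].hex())   # TPID followed by Priority/CFI/VLAN ID
    print(parse_frame(tagged))
    print(tag_findings(parse_frame(insert_tag(UNTAGGED, vlan_id=4095))))
```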
1.1.3 VLAN Classification
Based on different criteria, VLANs can be classified into different categories. The following types are the most commonly used:
- Port-based
- MAC address-based
- Protocol-based
- IP-subnet-based
- Policy-based
- Other types
S7500E series Ethernet switches support port-based VLAN, protocol-based VLAN, and IP-subnet-based VLAN.
1.2 Configuring Basic VLAN Attributes
Follow these steps to configure basic VLAN attributes:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Create VLANs | vlan { vlan-id1 [ to vlan-id2 ] \| all } | Optional. Using this command can create multiple VLANs. |
Enter VLAN view | vlan vlan-id | Required. The VLAN must be created first before entering its view; otherwise, using the command creates a VLAN and enters its view. By default, only one default VLAN (that is, VLAN 1) exists in the system. |
Specify a descriptive character string for the VLAN | description text | Optional. VLAN ID used by default, for example, “VLAN 0001” |
Note:
- As the default VLAN, VLAN 1 cannot be created or removed.
- You cannot manually create or remove reserved VLANs, which are reserved for specific functions.
- Dynamic VLANs cannot be removed using the undo vlan command.
- If a VLAN has QoS policy configured, the VLAN cannot be removed.
- If an isolate-user-vlan or a secondary VLAN is associated with another VLAN, the isolate-user-vlan or secondary VLAN cannot be removed unless the association is removed.
- If a VLAN is configured as a remote mirroring VLAN, it cannot be removed using the undo vlan command unless its mirroring VLAN configuration is removed.
1.3 Configuring Basic VLAN Interface Attributes
Hosts of different VLANs cannot communicate directly. That is, routers or Layer 3 switches are needed for packets to travel across different VLANs. VLAN interfaces are used to forward VLAN packets on Layer 3.
VLAN interfaces are Layer 3 virtual interfaces (which do not exist physically on devices) used for Layer 3 interoperability between different VLANs. Each VLAN can have one VLAN interface. Packets of a VLAN can be forwarded on network layer through the corresponding VLAN interface. As each VLAN forms a broadcast domain, a VLAN can be an IP network segment and the VLAN interface can be the gateway to enable IP address-based Layer 3 forwarding.
Follow these steps to configure basic VLAN interface attributes:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Create a VLAN interface or enter VLAN interface view | interface Vlan-interface vlan-interface-id | Required. This command leads you to VLAN interface view if the VLAN interface already exists. |
Configure an IP address for the VLAN interface | ip address ip-address { mask \| mask-length } [ sub ] | Optional. Not configured by default. |
Specify the descriptive character string for the VLAN interface | description text | Optional. VLAN interface name used by default. |
Bring up the VLAN interface | undo shutdown | Optional. By default, a VLAN interface is up. The state of a VLAN interface also depends on the states of the ports in the VLAN. If all the ports in the VLAN are down, the VLAN interface is down; if one or more ports in the VLAN are up, the VLAN interface is up. If a VLAN interface is manually shut down, the VLAN interface is always down regardless of the states of ports in the VLAN. |
Note:
Before creating a VLAN interface, ensure that the corresponding VLAN already exists. Otherwise, the specified VLAN interface will not be created.
1.4 Configuring Port-Based VLAN
1.4.1 Introduction to Port-Based VLAN
This is the simplest and yet the most effective way of classifying VLANs. It groups VLAN members by port. After being added to a VLAN, a port can forward the packets of the VLAN.
I. Port link type
Based on the tag handling mode, a port’s link type can be one of the following three:
- Access port: the port belongs to only one VLAN and is normally used to connect a user device.
- Trunk port: the port can belong to multiple VLANs and can receive or send packets for multiple VLANs; it is normally used to connect network devices.
- Hybrid port: the port can belong to multiple VLANs and can receive or send packets for multiple VLANs; it is used to connect either user or network devices.
The differences between a Hybrid port and a Trunk port:
- A Hybrid port allows packets of multiple VLANs to be sent without the Tag label.
- A Trunk port only allows packets from the default VLAN to be sent without the Tag label.
II. Default VLAN
You can configure the default VLAN for a port. By default, VLAN 1 is the default VLAN for all ports. However, this can be changed as needed.
- An Access port only belongs to one VLAN. Therefore, its default VLAN is the VLAN it resides in and cannot be configured.
- You can configure the default VLAN for the Trunk port or the Hybrid port as they can both belong to multiple VLANs.
- After deletion of the default VLAN using the undo vlan command, the default VLAN for an Access port will revert to VLAN 1, whereas that for the Trunk or Hybrid port remains, meaning the port can use a nonexistent VLAN as the default VLAN.
Note:
For the voice VLAN in automatic mode, the default VLAN of the corresponding port cannot be configured as voice VLAN. Otherwise, the system prompts error information. For information about voice VLAN, refer to Voice VLAN Configuration.
Configured with the default VLAN, a port handles packets in the following ways:
Port type | Inbound packets handling: untagged packets | Inbound packets handling: tagged packets | Outbound packets handling |
---|---|---|---|
Access | Tag each packet with the default VLAN tag. | Receive the packets with the default VLAN tag. Drop the packet if the VLAN ID is not the default VLAN ID. | Remove the default VLAN tag and send the packets. |
Trunk | Check whether the default VLAN ID is permitted to pass through the port. If yes, tag each packet with the default VLAN tag. If not, drop the packets. | Receive a packet if its VLAN ID is permitted to pass through the port. Drop a packet if its VLAN ID is not permitted to pass through the port. | Remove the tag and send the packet if the packet carries the default VLAN tag. Keep the tag and send the packet if its VLAN ID is not the default VLAN ID but permitted to pass through the port. |
Hybrid | Same as for a Trunk port. | Same as for a Trunk port. | Send the packet if its VLAN ID is permitted to pass through the port. In addition, you can use the port hybrid vlan command to configure whether the port keeps or removes the tags when sending packets of a VLAN (including the default VLAN). |
1.4.2 Configuring an Access-Port-Based VLAN
There are two ways to configure Access-port-based VLAN: one way is to configure in VLAN view, the other way is to configure in Ethernet port view/port group view.
Follow these steps to configure an Access-port-based VLAN in VLAN view:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter VLAN view | vlan vlan-id | Required. The VLAN must be created first before entering its view. |
Add access ports to the current VLAN | port interface-list | Required. By default, all the ports belong to VLAN 1. |
Follow these steps to configure an Access-port-based VLAN in Ethernet port view/port group view:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter Ethernet port view | interface interface-type interface-number | Use either command. Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all the ports in the port group. |
Enter port group view | port-group { manual port-group-name \| aggregation agg-id } | Use either command (see the previous row). |
Configure the port link type as Access | port link-type access | Optional. The link type of a port is Access by default. |
Add the current Access port to a specified VLAN | port access vlan vlan-id | Optional. By default, all the Access ports belong to VLAN 1. |
Note:
Before adding an Access port to a VLAN, make sure the VLAN already exists.
1.4.3 Configuring a Trunk-Port-Based VLAN
A trunk port may belong to multiple VLANs, and you can only perform this configuration in Ethernet port view or port group view.
Follow these steps to configure a Trunk-port-based VLAN:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter Ethernet port view | interface interface-type interface-number | Use either command. Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all the ports in the port group. |
Enter port group view | port-group { manual port-group-name \| aggregation agg-id } | Use either command (see the previous row). |
Configure the port link type as Trunk | port link-type trunk | Required. By default, a port is of the Access type. |
Allow a specified VLAN to pass through the current Trunk port | port trunk permit vlan { vlan-id-list \| all } | Required. By default, all Trunk ports belong to VLAN 1 only. |
Configure the default VLAN for the Trunk port | port trunk pvid vlan vlan-id | Optional. VLAN 1 is the default by default. |
Note:
- To convert a Trunk port into a Hybrid port (or vice versa), you need to use the Access port as a medium. For example, the Trunk port has to be configured as an Access port first and then a Hybrid port.
- The default VLAN ID on the Trunk ports of the local and peer devices must be the same. Otherwise, packets cannot be transmitted properly.
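The port handling table in 1.4.1 and the requirement above that both ends of a trunk use the same default VLAN ID can be modelled to see which VLAN a frame ends up in on the peer. This is an added example, not part of the original manual; the Port class, the sample ports and the rule that a VLAN must be permitted before a trunk sends it are modelling assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class Port:
    link_type: str                      # "access", "trunk" or "hybrid"
    pvid: int = 1                       # default VLAN of the port
    permitted: Set[int] = field(default_factory=lambda: {1})
    untagged: Set[int] = field(default_factory=set)  # hybrid: VLANs sent without a tag

    def ingress(self, tag: Optional[int]) -> Optional[int]:
        """VLAN an inbound frame is placed in, or None if it is dropped."""
        if self.link_type == "access":
            return self.pvid if tag in (None, self.pvid) else None
        vid = self.pvid if tag is None else tag   # untagged frames get the default VLAN
        return vid if vid in self.permitted else None

    def egress(self, vid: int) -> Tuple[bool, Optional[int]]:
        """(sent, tag on the wire) for a frame of VLAN vid leaving the port."""
        if self.link_type == "access":
            return (vid == self.pvid, None)
        if vid not in self.permitted:
            return (False, None)
        if self.link_type == "trunk":
            return (True, None if vid == self.pvid else vid)
        return (True, None if vid in self.untagged else vid)


def carried_vlan(local: Port, peer: Port, vid: int) -> Optional[int]:
    """VLAN in which the peer forwards a frame that the local side sent in VLAN vid."""
    sent, tag = local.egress(vid)
    return peer.ingress(tag) if sent else None


def mismatched_vlans(local: Port, peer: Port) -> Dict[int, Optional[int]]:
    """VLANs permitted locally that arrive in a different VLAN (or are dropped)."""
    result = {}
    for vid in sorted(local.permitted):
        got = carried_vlan(local, peer, vid)
        if got != vid:
            result[vid] = got
    return result


# Constructed ports. DEVICE_A follows the trunk settings used in section 1.8.
VLANS = {2, 100} | set(range(6, 51))
DEVICE_A = Port("trunk", pvid=100, permitted=set(VLANS))
PEER_OK = Port("trunk", pvid=100, permitted=set(VLANS))
PEER_PVID1 = Port("trunk", pvid=1, permitted=VLANS | {1})   # default VLAN left at 1
PEER_PVID1_STRICT = Port("trunk", pvid=1, permitted=set(VLANS))

if __name__ == "__main__":
    print(mismatched_vlans(DEVICE_A, PEER_OK))            # matching default VLANs
    print(mismatched_vlans(DEVICE_A, PEER_PVID1))         # VLAN 100 lands in VLAN 1
    print(mismatched_vlans(PEER_PVID1, DEVICE_A))         # VLAN 1 lands in VLAN 100
    print(mismatched_vlans(DEVICE_A, PEER_PVID1_STRICT))  # VLAN 100 is dropped
```

An empty result in both directions is the condition to check for on every trunk link; any other result means traffic of one VLAN is forwarded in another VLAN or dropped.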
1.4.4 Configuring a Hybrid-Port-Based VLAN
A Hybrid port can belong to multiple VLANs, and this configuration can only be performed in Ethernet port view or port group view.
Follow these steps to configure a Hybrid-port-based VLAN:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter Ethernet port view | interface interface-type interface-number | Use either command. Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all the ports in the port group. |
Enter port group view | port-group { manual port-group-name \| aggregation agg-id } | Use either command (see the previous row). |
Configure the port link type as Hybrid | port link-type hybrid | Required. By default, a port is of the Access type. |
Configure the port to permit packets of specific VLANs | port hybrid vlan vlan-id-list { tagged \| untagged } | Required. By default, a Hybrid port only permits the packets of VLAN 1. |
Configure the default VLAN of the Hybrid port | port hybrid pvid vlan vlan-id | Optional. VLAN 1 by default. |
Note:
- To convert a Trunk port into a Hybrid port (or vice versa), you need to use the Access port as a medium. For example, the Trunk port has to be configured as an Access port first and then a Hybrid port.
- Ensure that a VLAN already exists before configuring it to pass through a certain Hybrid port.
- The default VLAN ID on the Hybrid ports of the local and the peer devices must be the same. Otherwise, packets cannot be transmitted properly.
1.5 Configuring Protocol-Based VLAN
1.5.1 Introduction to Protocol-Based VLAN
Note:
Protocol-based VLANs are only applicable to hybrid ports.
In this approach, inbound packets are assigned different VLAN IDs based on their protocol type and encapsulation format. The protocols that can be used to categorize VLANs include IP, IPX, and AppleTalk (AT). The encapsulation formats include Ethernet II, 802.3 raw, 802.2 LLC, and 802.2 SNAP.
A protocol-based VLAN can be defined by a protocol template, which is determined by encapsulation format and protocol type. A port can be associated with multiple protocol templates. An untagged packet (that is, a packet carrying no VLAN tag) reaching a port associated with a protocol-based VLAN is processed as follows.
- If the packet matches a protocol template, the packet will be tagged with the VLAN ID of the protocol-based VLAN defined by the protocol template.
- If the packet matches no protocol template, the packet will be tagged with the default VLAN ID of the port.
A tagged packet (that is, a packet carrying VLAN tags) reaching the port is processed in the same way as that of port-based VLAN.
- If the port is configured to permit packets with the VLAN tag, the packet is forwarded.
- If the port is configured to deny packets with the VLAN tag, the packet is dropped.
This feature is mainly used to bind the service type with VLAN for ease of management and maintenance.
1.5.2 Configuring a Protocol-Based VLAN
Follow these steps to configure a protocol-based VLAN:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter VLAN view | vlan vlan-id | Required. For a nonexistent VLAN, this command will create a VLAN and enter its view. |
Configure the protocol-based VLAN and specify the protocol template | protocol-vlan [ protocol-index ] { at \| ipv4 \| ipv6 \| ipx { ethernetii \| llc \| raw \| snap } \| mode { ethernetii etype etype-id \| llc { dsap dsap-id [ ssap ssap-id ] \| ssap ssap-id } \| snap etype etype-id } } | Required |
Exit the VLAN view | quit | Required |
Enter Ethernet port view | interface interface-type interface-number | Use either command. Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all ports in the port group. |
Enter port group view | port-group { manual port-group-name \| aggregation agg-id } | Use either command (see the previous row). |
Configure the port link type as Hybrid | port link-type hybrid | Required |
Allow the packets of a protocol-based VLAN to pass through the current Hybrid port in untagged way | port hybrid vlan vlan-id-list untagged | Required |
Configure the association between the Hybrid port and the protocol-based VLAN | port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] \| all } | Required |
Caution:
- At present, the AppleTalk-based protocol template cannot be associated with a port on an S7500E series Ethernet switch.
- You cannot configure both the dsap-id and ssap-id arguments in the protocol-vlan command as 0xe0 at the same time, because 0xe0 corresponds to the ipx llc protocol template. Similarly, do not configure both the dsap-id and ssap-id arguments as 0xff at the same time, because 0xff corresponds to the ipx raw protocol template.
- Ensure that the ethernetii etype etype-id keyword and argument combination is not configured as 0x0800, 0x8137, 0x809b, or 0x86dd, because they correspond to the IPv4, IPX, AppleTalk, and IPv6 protocol templates respectively.
- Do not configure a VLAN as a protocol-based VLAN and a voice VLAN under automatic mode at the same time, as the former requires the Hybrid port to untag packets, whereas the latter requires the Hybrid port to tag packets. For more information, refer to Voice VLAN Configuration.
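The template matching described in 1.5.1 and the reserved values listed in the Caution above can be expressed as a classifier for untagged frames. This is an added example, not the switch's implementation; the tuple representation of templates, the sample frames and the VLAN numbers are constructed, and the built-in IPv4 and IPv6 templates are modelled only by the Ethernet II type values the Caution gives.

```python
import struct
from typing import Dict, List, Optional, Tuple

Template = Tuple  # ("ethernetii", etype) | ("snap", etype) | ("llc", dsap, ssap) | ("raw",)

# Built-in templates, modelled with the values the Caution ties them to.
IPV4 = ("ethernetii", 0x0800)
IPV6 = ("ethernetii", 0x86DD)
IPX_LLC = ("llc", 0xE0, 0xE0)
IPX_RAW = ("raw",)
RESERVED_ETYPES = {0x0800: "IPv4", 0x8137: "IPX", 0x809B: "AppleTalk", 0x86DD: "IPv6"}


def classify(raw: bytes) -> Optional[Template]:
    """Encapsulation and protocol of an untagged frame; None if it carries a VLAN tag."""
    if len(raw) < 14:
        raise ValueError("frame is shorter than DA + SA + Type/Length")
    (type_len,) = struct.unpack_from("!H", raw, 12)
    if type_len == 0x8100:                 # tagged: handled as for port-based VLAN
        return None
    if type_len >= 0x0600:                 # a Type value: Ethernet II
        return ("ethernetii", type_len)
    if len(raw) < 16:                      # a Length value: 802.3 family
        raise ValueError("802.3 frame without DSAP/SSAP bytes")
    dsap, ssap = raw[14], raw[15]
    if (dsap, ssap) == (0xFF, 0xFF):       # 802.3 raw
        return ("raw",)
    if (dsap, ssap) == (0xAA, 0xAA):       # SNAP: AA AA 03, 3-byte OUI, then Type
        if len(raw) < 22:
            raise ValueError("truncated SNAP header")
        return ("snap", struct.unpack_from("!H", raw, 20)[0])
    return ("llc", dsap, ssap)


def assign_vlan(raw: bytes, pvid: int, templates: Dict[int, List[Template]]) -> int:
    """VLAN ID an untagged frame is tagged with on a port bound to the templates."""
    kind = classify(raw)
    if kind is None:
        raise ValueError("tagged frames are processed as for port-based VLAN")
    for vlan_id, bound in templates.items():
        if kind in bound:
            return vlan_id
    return pvid                            # no template matched: default VLAN ID


def custom_template_error(template: Template) -> Optional[str]:
    """Apply the Caution's limits to a user-defined ('mode') template."""
    if template[0] == "ethernetii" and template[1] in RESERVED_ETYPES:
        name = RESERVED_ETYPES[template[1]]
        return f"etype 0x{template[1]:04x} belongs to the {name} template"
    if template[0] == "llc" and tuple(template[1:]) == (0xE0, 0xE0):
        return "dsap and ssap 0xe0 belong to the ipx llc template"
    if template[0] == "llc" and tuple(template[1:]) == (0xFF, 0xFF):
        return "dsap and ssap 0xff belong to the ipx raw template"
    return None


# Constructed sample frames and bindings (VLAN 10 = IPv4, 20 = IPv6, 30 = IPX raw).
MACS = bytes.fromhex("0000fc006504" "0000fc006505")
IPV4_FRAME = MACS + bytes.fromhex("0800") + b"\x45\x00"
ARP_FRAME = MACS + bytes.fromhex("0806") + b"\x00\x01"
IPX_RAW_FRAME = MACS + bytes.fromhex("001e") + b"\xff\xff" + bytes(28)
SNAP_FRAME = MACS + bytes.fromhex("0020" "aaaa03" "000000" "0800") + bytes(24)
TEMPLATES = {10: [IPV4], 20: [IPV6], 30: [IPX_RAW]}

if __name__ == "__main__":
    for name, frame in [("IPv4", IPV4_FRAME), ("ARP", ARP_FRAME), ("IPX raw", IPX_RAW_FRAME)]:
        print(name, classify(frame), assign_vlan(frame, pvid=1, templates=TEMPLATES))
    print(custom_template_error(("ethernetii", 0x0800)))
```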
1.6 Configuring IP-Subnet-Based VLAN
1.6.1 Introduction
In this approach, VLANs are categorized based on the source IP addresses and the subnet masks of packets. After receiving an untagged packet from a port, the device finds its association with the current VLAN based on the source address contained in the packet, and then forwards the packet in the corresponding VLAN. This allows packets from a certain network segment or with certain IP addresses to be forwarded in a VLAN.
1.6.2 Configuring an IP-Subnet-Based VLAN
Note:
This feature is only applicable to hybrid ports.
Follow these steps to configure an IP-subnet-based VLAN:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter VLAN view | vlan vlan-id | — |
Configure the association between an IP subnet and the current VLAN | ip-subnet-vlan [ ip-subnet-index ] ip ip-address [ mask ] | Required. The configured IP network segment or IP address cannot be a multicast network segment or a multicast address. |
Exit to system view | quit | — |
Enter Ethernet port view | interface interface-type interface-number | Use either command. Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configurations apply to all ports in the port group. |
Enter port group view | port-group { manual port-group-name \| aggregation agg-id } | Use either command (see the previous row). |
Configure port link type as Hybrid | port link-type hybrid | Required |
Allow an IP-subnet-based VLAN to pass through the current Hybrid port | port hybrid vlan vlan-id-list { tagged \| untagged } | Required |
Configure the association between the Hybrid port and the IP-subnet-based VLAN | port hybrid ip-subnet-vlan vlan vlan-id | Required |
1.7 Displaying and Maintaining VLAN
To do… | Use the command… | Remarks |
---|---|---|
Display the information about specific VLANs | display vlan [ vlan-id1 [ to vlan-id2 ] \| all \| dynamic \| reserved \| static ] | Available in any view |
Display the information about a VLAN interface | display interface Vlan-interface [ vlan-interface-id ] | Available in any view |
Display the protocol information and protocol indexes of specified VLANs | display protocol-vlan vlan { vlan-id [ to vlan-id ] \| all } | Available in any view |
Display protocol-based VLAN information on specified ports | display protocol-vlan interface { interface-type interface-number [ to interface-type interface-number ] \| all } | Available in any view |
Display the IP-subnet-based VLAN information and IP subnet indexes of specified VLANs | display ip-subnet-vlan vlan { vlan-id [ to vlan-id ] \| all } | Available in any view |
Display the IP-subnet-based VLAN information and IP subnet index of specified ports | display ip-subnet-vlan interface { interface-type interface-number [ to interface-type interface-number ] \| all } | Available in any view |
Clear the statistics on a VLAN interface | reset counters interface Vlan-interface [ vlan-interface-id ] | Available in user view |
1.8 VLAN Configuration Example
I. Network requirements
- Device A connects to Device B through the Trunk port Ethernet 2/0/1;
- The default VLAN ID of the port is 100;
- This port allows packets from VLAN 2, VLAN 6 to VLAN 50, and VLAN 100 to pass through.
II. Network diagram
Figure 1-4 Network diagram for port-based VLAN configuration
III. Configuration procedure
1) Configure Device A
# Create VLAN 2, VLAN 6 through VLAN 50, and VLAN 100.
<DeviceA> system-view
[DeviceA] vlan 2
[DeviceA-vlan2] quit
[DeviceA] vlan 100
[DeviceA-vlan100] vlan 6 to 50
Please wait... Done.
# Enter Ethernet 2/0/1 port view.
[DeviceA] interface Ethernet 2/0/1
# Configure Ethernet 2/0/1 as a Trunk port and configure its default VLAN ID as 100.
[DeviceA-Ethernet2/0/1] port link-type trunk
[DeviceA-Ethernet2/0/1] port trunk pvid vlan 100
# Configure Ethernet 2/0/1 to deny the packets of VLAN 1 (by default, the packets of VLAN 1 are permitted on all the ports).
[DeviceA-Ethernet2/0/1] undo port trunk permit vlan 1
# Configure packets from VLAN 2, VLAN 6 through VLAN 50, and VLAN 100 to pass through Ethernet 2/0/1.
[DeviceA-Ethernet2/0/1] port trunk permit vlan 2 6 to 50 100
Please wait... Done.
2) Configure Device B following steps similar to those for Device A.
IV. Verification
Verifying the configuration of Device A is similar to that of Device B, so only Device A is taken as an example here.
# Display the information about Ethernet 2/0/1 of Device A to verify the above configurations.
<DeviceA> display interface ethernet 2/0/1
Ethernet2/0/1 current state: UP
IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 0000-fc00-6504
Description: Ethernet2/0/1 Interface
Loopback is not set
Media type is twisted pair
Port hardware type is 100_BASE_T
Unknown-speed mode, unknown-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
The Maximum Frame Length is 1536
Broadcast MAX-ratio: 100%
Unicast MAX-ratio: 100%
Multicast MAX-ratio: 100%
Allow jumbo frame to pass
PVID: 100
Mdi type: auto
Link delay is 0(sec)
Port link-type: trunk
VLAN passing : 2, 6-50, 100
VLAN permitted: 2, 6-50, 100
Trunk port encapsulation: IEEE 802.1q
Port priority: 0
Last 300 seconds input: 0 packets/sec 0 bytes/sec -%
Last 300 seconds output: 0 packets/sec 0 bytes/sec -%
Input (total): 0 packets, 0 bytes
0 broadcasts, 0 multicasts
Input (normal): 0 packets, - bytes
0 broadcasts, 0 multicasts
Input: 0 input errors, 0 runts, 0 giants, 0 throttles
0 CRC, 0 frame, - overruns, 0 aborts
- ignored, - parity errors
Output (total): 0 packets, 0 bytes
0 broadcasts, 0 multicasts, 0 pauses
Output (normal): 0 packets, - bytes
0 broadcasts, 0 multicasts, 0 pauses
Output: 0 output errors, - underruns, - buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
0 lost carrier, - no carrier
The output above shows that:
- The port is a trunk port.
- The default VLAN is VLAN 100.
- The port permits packets of VLAN 2, VLAN 6 through VLAN 50, and VLAN 100.
So the configuration is successful.
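The manual check above can be repeated automatically for every trunk port by parsing the same fields from the display interface output and comparing them with the intended values. This is an added example, not part of the original manual; the first sample is an excerpt of the output shown above, the second is constructed, and the function names are illustrative.

```python
import re
from typing import Dict, List, Set

# Excerpt of the `display interface ethernet 2/0/1` output shown above.
SAMPLE = """\
Ethernet2/0/1 current state: UP
PVID: 100
Port link-type: trunk
VLAN passing : 2, 6-50, 100
VLAN permitted: 2, 6-50, 100
Trunk port encapsulation: IEEE 802.1q
"""

# Constructed sample: a trunk whose default VLAN and VLAN 1 permission were left unchanged.
DRIFTED = """\
Ethernet2/0/2 current state: UP
PVID: 1
Port link-type: trunk
VLAN passing : 1-2, 6-50, 100
VLAN permitted: 1-2, 6-50, 100
"""

_FIELD = re.compile(
    r"^\s*(PVID|Port link-type|VLAN passing|VLAN permitted)\s*:\s*(.*?)\s*$", re.M
)


def expand_vlan_list(text: str) -> Set[int]:
    """Turn '2, 6-50, 100' into the set of VLAN IDs it denotes."""
    vlans: Set[int] = set()
    for item in text.split(","):
        item = item.strip()
        if not item or item.lower() == "none":
            continue
        low, _, high = item.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_port(text: str) -> Dict[str, object]:
    """Extract the PVID, link type and VLAN lists from display interface output."""
    port: Dict[str, object] = {}
    for name, value in _FIELD.findall(text):
        if name == "PVID":
            port["pvid"] = int(value)
        elif name == "Port link-type":
            port["link_type"] = value
        else:                                   # "VLAN passing" / "VLAN permitted"
            port[name.split()[1]] = expand_vlan_list(value)
    return port


def audit(text: str, link_type: str, pvid: int, vlans: Set[int]) -> List[str]:
    """Compare a port's reported settings with the intended ones."""
    port = parse_port(text)
    findings = []
    if port.get("link_type") != link_type:
        findings.append(f"link type is {port.get('link_type')}, expected {link_type}")
    if port.get("pvid") != pvid:
        findings.append(f"PVID is {port.get('pvid')}, expected {pvid}")
    permitted = port.get("permitted", set())
    extra, missing = sorted(permitted - vlans), sorted(vlans - permitted)
    if extra:
        findings.append(f"unexpected VLANs permitted: {extra}")
    if missing:
        findings.append(f"expected VLANs not permitted: {missing}")
    return findings


# Intended settings from the network requirements of this example.
EXPECTED_VLANS = {2, 100} | set(range(6, 51))

if __name__ == "__main__":
    print(audit(SAMPLE, "trunk", 100, EXPECTED_VLANS))
    print(audit(DRIFTED, "trunk", 100, EXPECTED_VLANS))
```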
Chapter 2 Isolate-User-VLAN Configuration
When configuring Isolate-user VLAN, go to these sections for information you are interested in:
- Introduction to Isolate-User-VLAN
- Configuring Isolate-User-VLAN
- Displaying and Maintaining Isolate-User-VLAN
- Isolate-User-VLAN Configuration Example
2.1 Introduction to Isolate-User-VLAN
The isolate-user-VLAN adopts a two-tier VLAN structure. In this approach, two types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device.
- The isolate-user-VLAN is mainly used for upstream data exchange. An isolate-user-VLAN can have multiple secondary VLANs associated with it. The upstream device only knows the isolate-user-VLAN; how the secondary VLANs work is not its concern. In this way, network configurations are simplified and VLAN resources are saved.
- Secondary VLANs are used for connecting users. Secondary VLANs are isolated from each other on Layer 2. To allow users from different secondary VLANs under the same isolate-user-VLAN to communicate with each other, you can enable ARP proxy on the upstream device to realize Layer 3 communication between the secondary VLANs.
- One isolate-user-VLAN can have multiple secondary VLANs, which are invisible to the corresponding upstream device.
As illustrated in the following figure, the isolate-user-vlan function is enabled on Switch B. VLAN 10 is the isolate-user-VLAN, and VLAN 2, VLAN 5, and VLAN 8 are secondary VLANs that are mapped to VLAN 10 and are invisible to Switch A.
Figure 2-1 An isolate-user-vlan example
2.2 Configuring Isolate-User-VLAN
Configure the isolate-user-vlan through the following steps:
1) Configure the isolate-user-vlan;
2) Configure the secondary VLAN;
3) Add ports to the isolate-user-vlan (note that no port can be a Trunk port) and ensure that at least one port has the isolate-user-vlan as its default VLAN;
4) Add ports to the secondary VLAN (note that no port can be a Trunk port) and ensure that at least one port has the secondary VLAN as its default VLAN;
5) Configure the mapping between the isolate-user-vlan and the secondary VLAN.
Follow these steps to configure an isolate-user-VLAN:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Create a VLAN (or enter VLAN view) | vlan vlan-id | — |
Configure the VLAN as an isolate-user-VLAN | isolate-user-vlan enable | Required |
Quit to system view | quit | — |
Add ports to the isolate-user-VLAN and ensure that at least one port has the isolate-user-VLAN as its default VLAN: Access port | | Either is required. |
Add ports to the isolate-user-VLAN and ensure that at least one port has the isolate-user-VLAN as its default VLAN: Hybrid port | Refer to Configuring a Hybrid-Port-Based VLAN | Either is required. |
Quit to system view | quit | — |
Create secondary VLANs | vlan { vlan-id1 [ to vlan-id2 ] \| all } | Required |
Add ports to the secondary VLAN and ensure that at least one port has the secondary VLAN as its default VLAN: Access port | | Either is required. |
Add ports to the secondary VLAN and ensure that at least one port has the secondary VLAN as its default VLAN: Hybrid port | Refer to Configuring a Hybrid-Port-Based VLAN | Either is required. |
Quit to system view | quit | — |
Configure the mapping between the isolate-user-VLAN and the secondary VLANs | isolate-user-vlan isolate-user-vlan-id secondary secondary-vlan-list | Required |
Note:
After a mapping is configured, the system disallows adding ports to and removing ports or VLANs from the mapped isolate-user-VLAN and secondary VLAN.
2.3 Displaying and Maintaining Isolate-User-VLAN
To do… | Use the command… | Remarks |
---|---|---|
Display the mapping between an isolate-user-vlan and its secondary VLAN(s) | display isolate-user-vlan [ isolate-user-vlan-id ] | Available in any view |
2.4 Isolate-User-VLAN Configuration Example
I. Network requirements
- Device A is connected to downstream devices Device B and Device C;
- VLAN 5 is configured on Device B as an isolate-user-VLAN, which includes an upstream port Ethernet 2/0/5 and two secondary VLANs, namely VLAN 2 and VLAN 3. VLAN 2 has Ethernet 2/0/2 and VLAN 3 has Ethernet 2/0/1.
- VLAN 6 is configured on Device C as an isolate-user-VLAN, which includes an upstream port Ethernet 2/0/5 and two secondary VLANs, namely VLAN 3 and VLAN 4. VLAN 3 has Ethernet 2/0/3 and VLAN 4 has Ethernet 2/0/4.
- For Device A, Device B only has one VLAN (VLAN 5) and Device C only has one VLAN (VLAN 6).
II. Network diagram
Figure 2-2 Isolate-User-VLAN configuration diagram
III. Configuration procedure
The following are the configuration procedures for Device B and Device C.
1) Configure Device B
# Configure the isolate-user-VLAN.
<DeviceB> system-view
[DeviceB] vlan 5
[DeviceB-vlan5] isolate-user-vlan enable
[DeviceB-vlan5] port ethernet 2/0/5
[DeviceB-vlan5] quit
# Configure the secondary VLANs.
[DeviceB] vlan 3
[DeviceB-vlan3] port ethernet 2/0/1
[DeviceB-vlan3] quit
[DeviceB] vlan 2
[DeviceB-vlan2] port ethernet 2/0/2
[DeviceB-vlan2] quit
# Establish the mapping between the isolate-user-vlan and the secondary VLANs.
[DeviceB] isolate-user-vlan 5 secondary 2 to 3
2) Configure Device C
# Configure the isolate-user-vlan.
<DeviceC> system-view
[DeviceC] vlan 6
[DeviceC-vlan6] isolate-user-vlan enable
[DeviceC-vlan6] port ethernet 2/0/5
[DeviceC-vlan6] quit
# Configure the secondary VLANs.
[DeviceC] vlan 3
[DeviceC-vlan3] port ethernet 2/0/3
[DeviceC-vlan3] quit
[DeviceC] vlan 4
[DeviceC-vlan4] port ethernet 2/0/4
[DeviceC-vlan4] quit
# Establish the mapping between the isolate-user-vlan and the secondary VLANs.
[DeviceC] isolate-user-vlan 6 secondary 3 to 4
IV. Verification
# Display the isolate-user-vlan configuration on Device B.
[DeviceB] display isolate-user-vlan
Isolate-user-VLAN VLAN ID : 5
Secondary VLAN ID : 2-3
VLAN ID: 5
VLAN Type: static
Isolate-user-VLAN type : isolate-user-VLAN
Route Interface: not configured
Description: VLAN 0005
Broadcast MAX-ratio: 100%
Tagged Ports: none
Untagged Ports:
Ethernet2/0/1 Ethernet2/0/2 Ethernet2/0/5
VLAN ID: 2
VLAN Type: static
Isolate-user-VLAN type : secondary
Route Interface: not configured
Description: VLAN 0002
Broadcast MAX-ratio: 100%
Tagged Ports: none
Untagged Ports:
Ethernet2/0/2 Ethernet2/0/5
VLAN ID: 3
VLAN Type: static
Isolate-user-VLAN type : secondary
Route Interface: not configured
Description: VLAN 0003
Broadcast MAX-ratio: 100%
Tagged Ports: none
Untagged Ports:
Ethernet2/0/1 Ethernet2/0/5
[DeviceB]
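The verification output above can be checked mechanically. The following added example (not part of the original manual or the vendor's tooling) parses an abridged copy of the Device B output and reports any port shared between secondary VLANs other than the uplink. The function names are hypothetical, and the uplink port set is supplied by the operator.

```python
import re

# Abridged copy of the `display isolate-user-vlan` output shown above for Device B.
DEVICE_B_OUTPUT = """\
Isolate-user-VLAN VLAN ID : 5
Secondary VLAN ID : 2-3
VLAN ID: 5
Isolate-user-VLAN type : isolate-user-VLAN
Tagged Ports: none
Untagged Ports:
Ethernet2/0/1 Ethernet2/0/2 Ethernet2/0/5
VLAN ID: 2
Isolate-user-VLAN type : secondary
Tagged Ports: none
Untagged Ports:
Ethernet2/0/2 Ethernet2/0/5
VLAN ID: 3
Isolate-user-VLAN type : secondary
Tagged Ports: none
Untagged Ports:
Ethernet2/0/1 Ethernet2/0/5
"""

PORT_RE = re.compile(r"Ethernet\d+/\d+/\d+")


def parse_isolate_user_vlan(output):
    """Return {vlan_id: {"type": str or None, "untagged": set of port names}}."""
    vlans, current, in_untagged = {}, None, False
    for raw in output.splitlines():
        line = raw.strip()
        match = re.fullmatch(r"VLAN ID:\s*(\d+)", line)
        if match:                                   # start of a per-VLAN block
            current = vlans.setdefault(int(match.group(1)),
                                       {"type": None, "untagged": set()})
            in_untagged = False
        elif current is None:                       # summary lines before the first block
            continue
        elif line.startswith("Isolate-user-VLAN type"):
            current["type"] = line.split(":", 1)[1].strip()
        elif line.startswith("Untagged Ports:"):
            in_untagged = True
            current["untagged"].update(PORT_RE.findall(line))
        elif ":" in line:                           # any other "key: value" line
            in_untagged = False
        elif in_untagged:                           # continuation line listing ports
            current["untagged"].update(PORT_RE.findall(line))
    return vlans


def isolation_findings(vlans, uplink_ports):
    """List deviations from the expected layout of one isolate-user-VLAN.

    Expected: secondary VLANs share only the uplink ports, every secondary VLAN
    contains an uplink, and the isolate-user-VLAN contains all secondary ports.
    Assumes the output describes a single isolate-user-VLAN.
    """
    uplinks = set(uplink_ports)
    primary = [v for v, d in vlans.items() if d["type"] == "isolate-user-VLAN"]
    secondary = sorted(v for v, d in vlans.items() if d["type"] == "secondary")
    findings = []
    if len(primary) != 1:
        return [f"expected exactly one isolate-user-VLAN, found {len(primary)}"]
    for i, a in enumerate(secondary):
        for b in secondary[i + 1:]:
            shared = (vlans[a]["untagged"] & vlans[b]["untagged"]) - uplinks
            for port in sorted(shared):
                findings.append(f"{port} is in both secondary VLAN {a} and VLAN {b}")
    for s in secondary:
        if not uplinks & vlans[s]["untagged"]:
            findings.append(f"secondary VLAN {s} has no uplink port")
        for port in sorted(vlans[s]["untagged"] - vlans[primary[0]]["untagged"]):
            findings.append(
                f"{port} of secondary VLAN {s} is missing from isolate-user-VLAN {primary[0]}")
    return findings


if __name__ == "__main__":
    parsed = parse_isolate_user_vlan(DEVICE_B_OUTPUT)
    print(isolation_findings(parsed, {"Ethernet2/0/5"}) or "layout as expected")
```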
Chapter 3 Voice VLAN Configuration
When configuring Voice VLAN, go to these sections for information you are interested in:
- Displaying and Maintaining Voice VLAN
3.1 Introduction to Voice VLAN
Voice VLANs are configured specifically for voice traffic. By adding the ports that connect voice devices to voice VLANs, you can configure quality of service (QoS) attributes for the voice traffic, increasing transmission priority and ensuring voice quality. A device determines whether a received packet is a voice packet by checking its source MAC address. Packets whose source MAC addresses match a voice device Organizationally Unique Identifier (OUI) address are regarded as voice traffic and are forwarded in the voice VLAN.
You can configure the OUI addresses in advance or use the default OUI addresses, which are listed as follows.
Table 3-1 The default OUI addresses of different vendors
Number | OUI address | Vendors |
---|---|---|
1 | 0001-e300-0000 | Siemens phone |
2 | 0003-6b00-0000 | Cisco phone |
3 | 0004-0d00-0000 | Avaya phone |
4 | 0060-b900-0000 | Philips/NEC phone |
5 | 00d0-1e00-0000 | Pingtel phone |
6 | 00e0-7500-0000 | Polycom phone |
7 | 00e0-bb00-0000 | 3Com phone |

Note:
- As the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE (Institute of Electrical and Electronics Engineers).
- The default OUI address can be configured/removed manually.
3.1.1 Working Modes of Voice VLAN
A voice VLAN can operate in two working modes: automatic mode and manual mode (the mode here refers to the way of adding a port to a voice VLAN).
- In automatic mode, the system identifies the source MAC address contained in the protocol packets (untagged packets) sent when the IP phone is powered on and matches it against the OUI addresses. If a match is found, the system automatically adds the port to the voice VLAN and applies ACL rules to ensure the packet precedence. An aging time can be configured for the voice VLAN. The system removes a port from the voice VLAN if no voice packet is received from it within the aging time. Ports are added and removed automatically by the system.
- In manual mode, the IP phone access port needs to be added to the voice VLAN manually. The system then identifies the source MAC address contained in the packet and matches it against the OUI addresses. If a match is found, the system issues ACL rules and configures the precedence for the packets. In this mode, adding ports to the voice VLAN and removing ports from the voice VLAN are carried out by the administrators.
- Both modes forward tagged packets according to their tags.
The following table lists the correlation between the working modes of a voice VLAN, the voice traffic type of an IP phone, and the link type of the port.
Table 3-2 Voice VLAN operating mode and the corresponding voice traffic types
Voice VLAN operating mode | Voice traffic type | Port link type |
---|---|---|
Automatic mode | Tagged voice traffic | Access: the traffic type is not supported |
Automatic mode | Tagged voice traffic | Trunk: supported provided that the default VLAN of the access port exists and is not a voice VLAN and that the access port belongs to the voice VLAN |
Automatic mode | Tagged voice traffic | Hybrid: supported provided that the default VLAN of the access port exists and is not a voice VLAN. Besides, the default VLAN needs to be in the list of tagged VLANs whose packets can pass through the access port |
Automatic mode | Untagged voice traffic | Access, Trunk, Hybrid: not supported |
Manual mode | Tagged voice traffic | Access: not supported |
Manual mode | Tagged voice traffic | Trunk: supported provided that the default VLAN of the access port exists and is not a voice VLAN and that the access port belongs to the default VLAN |
Manual mode | Tagged voice traffic | Hybrid: supported provided that the default VLAN of the access port exists and is not the voice VLAN. Besides, the voice VLAN must be in the list of tagged VLANs whose packets can pass through the access port |
Manual mode | Untagged voice traffic | Access: supported provided that the default VLAN of the access port is a voice VLAN |
Manual mode | Untagged voice traffic | Trunk: supported provided that the default VLAN of the access port is a voice VLAN and that the access port allows packets from the voice VLAN to pass through |
Manual mode | Untagged voice traffic | Hybrid: supported provided that the default VLAN of the access port is a voice VLAN and that the voice VLAN is in the list of untagged VLANs whose packets are allowed to pass through the access port |
Caution:
If the voice traffic sent by an IP phone is tagged and the access port has 802.1x authentication and Guest VLAN enabled, assign different VLAN IDs to the voice VLAN, the default VLAN of the access port, and the 802.1x guest VLAN.
Note:
- The default VLAN of every port is VLAN 1. Using commands, users can either configure the default VLAN of a port or allow a certain VLAN to pass through the port. For more information, refer to section Configuring Port-Based VLAN.
- Use the display interface command to display the default VLAN and the VLANs that are allowed to go through a certain port.
3.1.2 Security Mode and Normal Mode of Voice VLAN
Ports that have the voice VLAN feature enabled can be divided into two modes based on their filtering mechanisms applied to inbound packets.
- Security mode: only voice packets whose source MAC addresses match an OUI address can pass through the inbound port (with the voice VLAN feature enabled). Non-voice packets are discarded, including authentication packets such as 802.1x authentication packets.
- Normal mode: both voice packets and non-voice packets can pass through an inbound port (with the voice VLAN feature enabled). The former follow the voice VLAN forwarding mechanism, whereas the latter follow the normal VLAN forwarding mechanism.
It is recommended that you do not mix voice packets with other types of data in a voice VLAN. If you must, ensure that the security mode is disabled.
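The OUI match and the security/normal mode decision described above, modelled as an added example (not code from the manual or the device). The table holds the Table 3-1 defaults plus the custom entry from example 3.4.2. The function names, the action labels and the audit rule for masks shorter than 24 bits are assumptions made for illustration.

```python
import string

# (address, mask, description) in the device's hhhh-hhhh-hhhh notation:
# Table 3-1 defaults plus the 0011-2200-0000 entry configured in example 3.4.2.
OUI_TABLE = [
    ("0001-e300-0000", "ffff-ff00-0000", "Siemens phone"),
    ("0003-6b00-0000", "ffff-ff00-0000", "Cisco phone"),
    ("0004-0d00-0000", "ffff-ff00-0000", "Avaya phone"),
    ("0011-2200-0000", "ffff-ff00-0000", "test"),
    ("0060-b900-0000", "ffff-ff00-0000", "Philips/NEC phone"),
    ("00d0-1e00-0000", "ffff-ff00-0000", "Pingtel phone"),
    ("00e0-7500-0000", "ffff-ff00-0000", "Polycom phone"),
    ("00e0-bb00-0000", "ffff-ff00-0000", "3Com phone"),
]
ALL_BITS = 0xFFFFFFFFFFFF


def mac_to_int(mac):
    """Parse 0011-2233-4455, 00:11:22:33:44:55 or 0011.2233.4455 into an integer."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in string.hexdigits for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def match_oui(src_mac, table=OUI_TABLE):
    """Return the description of the first entry the source MAC matches, else None."""
    src = mac_to_int(src_mac)
    for address, mask, description in table:
        m = mac_to_int(mask)
        if (src & m) == (mac_to_int(address) & m):
            return description
    return None


def inbound_action(src_mac, security_mode=True, table=OUI_TABLE):
    """Decision for a frame arriving on a voice-VLAN-enabled port (section 3.1.2)."""
    if match_oui(src_mac, table) is not None:
        return "forward-in-voice-vlan"
    # Security mode discards everything else, 802.1x authentication frames included.
    return "discard" if security_mode else "forward-normally"


def mask_prefix_bits(mask):
    """Number of leading 1-bits in a mask, or None if the 1-bits are not contiguous."""
    inverted = ~mac_to_int(mask) & ALL_BITS
    if inverted & (inverted + 1):
        return None
    return 48 - inverted.bit_length()


def audit_table(table):
    """Flag entries that admit more than one vendor prefix (assumed hygiene rule)."""
    findings = []
    for address, mask, _description in table:
        bits = mask_prefix_bits(mask)
        if bits is None:
            findings.append((address, mask, "mask is not a contiguous prefix"))
        elif bits < 24:
            findings.append((address, mask, f"mask covers {2 ** (24 - bits)} vendor OUIs"))
    return findings


if __name__ == "__main__":
    for mac in ("0011-22aa-bbcc", "00:e0:bb:12:34:56", "0050-5600-0001"):  # constructed
        print(mac, match_oui(mac), inbound_action(mac), inbound_action(mac, False))
```

Because the decision depends only on the source MAC prefix, the breadth of the configured OUI table determines which frames a security-mode port admits.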
3.2 Configuring Voice VLAN
3.2.1 Configuration Prerequisites
- Create the corresponding VLAN before configuring the voice VLAN.
- As a default VLAN, VLAN 1 does not need to be created. However, it cannot be enabled with the voice VLAN feature.
3.2.2 Configuring a Voice VLAN under Automatic Mode
Follow these steps to configure the voice VLAN under automatic mode:
To do... | Use the command... | Remarks |
---|---|---|
Enter system view | system-view | - |
Configure the aging time of the voice VLAN | voice vlan aging minutes | Optional. Only applicable to ports in automatic mode and defaults to 1,440 minutes. |
Enable the security mode of the voice VLAN | voice vlan security enable | Optional. Enabled by default. |
Configure the OUI address for the voice VLAN | voice vlan mac-address oui mask oui-mask [ description text ] | Optional. By default, each voice VLAN has default OUI addresses configured. Refer to Table 3-1 for the default OUI addresses of different vendors. |
Enable the global voice VLAN feature | voice vlan vlan-id enable | Required |
Enter Ethernet port view | interface interface-type interface-number | - |
Configure the working mode as automatic | voice vlan mode auto | Optional. Automatic mode by default. The working mode of the voice VLAN on each port is independent of each other. |
Enable the voice VLAN feature on the port | voice vlan enable | Required. Not enabled by default. |
Note:
- Do not configure a VLAN as a protocol-based VLAN and a voice VLAN under automatic mode simultaneously, as the former requires the Hybrid port to untag packets (refer to section Configuring Protocol-Based VLAN) whereas the latter requires the Hybrid port to tag packets.
- The default VLAN of a port in automatic mode cannot be configured as the voice VLAN. Otherwise, the system will prompt error information.
- The voice vlan security enable command and the undo voice vlan security enable command only take effect if issued before the voice VLAN feature is enabled globally.
3.2.3 Configuring a Voice VLAN under Manual Mode
Follow these steps to configure the voice VLAN under manual mode:
To do... | Use the command... | Remarks |
---|---|---|
Enter system view | system-view | - |
Enable the security mode of a voice VLAN | voice vlan security enable | Optional. Enabled by default. |
Configure the OUI address of a voice VLAN | voice vlan mac-address oui mask oui-mask [ description text ] | Optional. By default, each voice VLAN has default OUI addresses configured. Refer to Table 3-1 for the default OUI addresses of different vendors. |
Enable the global voice VLAN feature | voice vlan vlan-id enable | Required |
Enter Ethernet port view | interface interface-type interface-number | - |
Configure the working mode as manual | undo voice vlan mode auto | Required. Disabled by default. |
Add the ports in manual mode to the voice VLAN: Access port | Refer to Configuring an Access-Port-Based VLAN. | Select one of the three operations listed. After you add an access port to a voice VLAN, the voice VLAN becomes the default VLAN of the port automatically. |
Add the ports in manual mode to the voice VLAN: Trunk port | Refer to Configuring a Trunk-Port-Based VLAN. | |
Add the ports in manual mode to the voice VLAN: Hybrid port | Refer to Configuring a Hybrid-Port-Based VLAN. | |
Configure the voice VLAN as the default VLAN of the port: Trunk port | Refer to section Configuring a Trunk-Port-Based VLAN | Optional. This operation is required if the input voice traffic is untagged. If the input voice traffic is tagged, the voice VLAN cannot be configured as the default VLAN. |
Configure the voice VLAN as the default VLAN of the port: Hybrid port | Refer to Configuring a Hybrid-Port-Based VLAN. | |
Enable the voice VLAN feature on the port | voice vlan enable | Required |
Note:
- Only one VLAN of a device can have the voice VLAN function enabled at a time, and the VLAN must be an existing static VLAN.
- A port that has the Link Aggregation Control Protocol (LACP) enabled cannot have the voice VLAN feature enabled at the same time.
- The voice vlan security enable command and the undo voice vlan security enable command only take effect if issued before the voice VLAN feature is enabled globally.
- If the port is enabled with voice VLAN in manual mode, you need to add the port to the voice VLAN manually to validate the voice VLAN.
3.3 Displaying and Maintaining Voice VLAN
To do... | Use the command... | Remarks |
---|---|---|
Display the voice VLAN state | display voice vlan state | Available in any view |
Display the OUI addresses currently supported by system | display voice vlan oui | Available in any view |
3.4 Voice VLAN Configuration Examples
3.4.1 A Configuration Example of the Voice VLAN under Automatic Mode
I. Network requirement
- Create VLAN 2 and configure it as a voice VLAN with an aging time of 100 minutes.
- The voice traffic sent by the IP phones is tagged. Configure Ethernet 2/0/1 as a Hybrid port and as the access port, with VLAN 6 as the default VLAN.
- The device allows voice packets from Ethernet 2/0/1 with an OUI address of 0011-2200-0000 and a mask of ffff-ff00-0000 to be forwarded through the voice VLAN.
II. Network diagram
Figure 3-1 Voice VLAN under automatic mode
III. Configuration procedure
# Create VLAN 2 and VLAN 6.
<DeviceA> system-view
[DeviceA] vlan 2
[DeviceA-vlan2] quit
[DeviceA] vlan 6
[DeviceA-vlan6] quit
# Configure the voice VLAN aging time.
[DeviceA] voice vlan aging 100
# Configure the OUI address 0011-2200-0000 as the legal address of the voice VLAN.
[DeviceA] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000
# Enable the voice VLAN feature globally.
[DeviceA] voice vlan 2 enable
# Configure the working mode of the voice VLAN of Ethernet 2/0/1 as automatic. (Optional, by default, the voice VLAN works in automatic mode)
[DeviceA] interface ethernet 2/0/1
[DeviceA-Ethernet2/0/1] voice vlan mode auto
# Configure Ethernet 2/0/1 as a Hybrid port.
[DeviceA-Ethernet2/0/1] port link-type access
Please wait... Done.
[DeviceA-Ethernet2/0/1] port link-type hybrid
# Configure the default VLAN of the port as VLAN 6 and allow packets from VLAN 6 to pass through the port.
[DeviceA-Ethernet2/0/1] port hybrid pvid vlan 6
[DeviceA-Ethernet2/0/1] port hybrid vlan 6 tagged
# Enable the voice VLAN feature on the port.
[DeviceA-Ethernet2/0/1] voice vlan enable
[DeviceA-Ethernet2/0/1] return
IV. Verification
# Display information about the OUI addresses, OUI address masks, and descriptive strings.
<DeviceA> display voice vlan oui
Oui Address Mask Description
0001-e300-0000 ffff-ff00-0000 Siemens phone
0003-6b00-0000 ffff-ff00-0000 Cisco phone
0004-0d00-0000 ffff-ff00-0000 Avaya phone
0011-2200-0000 ffff-ff00-0000
0060-b900-0000 ffff-ff00-0000 Philips/NEC phone
00d0-1e00-0000 ffff-ff00-0000 Pingtel phone
00e0-7500-0000 ffff-ff00-0000 Polycom phone
00e0-bb00-0000 ffff-ff00-0000 3com phone
# Display the current Voice VLAN state.
<DeviceA> display voice vlan state
Voice VLAN status: ENABLE
Voice VLAN ID: 2
Voice VLAN security mode: Security
Voice VLAN aging time: 100 minutes
Voice VLAN enabled port and its mode:
PORT MODE
--------------------------------
Ethernet2/0/1 AUTO
<DeviceA>
3.4.2 A Configuration Example of Voice VLAN under Manual Mode
I. Network requirement
- Create VLAN 2 and configure it as a voice VLAN.
- The IP phone sends untagged voice traffic, and the Hybrid port Ethernet 2/0/1 is the access port.
- Ethernet 2/0/1 works in manual mode. It only allows voice packets with an OUI address of 0011-2200-0000, a mask of ffff-ff00-0000, and a descriptive string of test to be forwarded.
II. Network diagram
Figure 3-2 Voice VLAN under manual mode
III. Configuration procedure
# Configure the voice VLAN to work in security mode so that only legal voice packets can pass through the voice-VLAN-enabled port. (Optional; enabled by default)
<DeviceA> system-view
[DeviceA] voice vlan security enable
# Configure the OUI address 0011-2200-0000 as the legal voice VLAN address.
[DeviceA] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test
# Create VLAN 2. Enable voice VLAN feature for it.
[DeviceA] vlan 2
[DeviceA-vlan2] quit
[DeviceA] voice vlan 2 enable
# Configure Ethernet 2/0/1 to work in manual mode.
[DeviceA] interface ethernet 2/0/1
[DeviceA-Ethernet2/0/1] undo voice vlan mode auto
# Configure Ethernet 2/0/1 as a Hybrid port.
[DeviceA-Ethernet2/0/1] port link-type access
Please wait... Done.
[DeviceA-Ethernet2/0/1] port link-type hybrid
# Configure the default VLAN of Ethernet 2/0/1 as the voice VLAN and add it to the list of untagged VLANs whose packets can pass through the port.
[DeviceA-Ethernet2/0/1] port hybrid pvid vlan 2
[DeviceA-Ethernet2/0/1] port hybrid vlan 2 untagged
# Enable the voice VLAN feature on Ethernet 2/0/1.
[DeviceA-Ethernet2/0/1] voice vlan enable
IV. Verification
# Display information about the OUI addresses, OUI address masks, and descriptive strings.
<DeviceA> display voice vlan oui
Oui Address Mask Description
0001-e300-0000 ffff-ff00-0000 Siemens phone
0003-6b00-0000 ffff-ff00-0000 Cisco phone
0004-0d00-0000 ffff-ff00-0000 Avaya phone
0011-2200-0000 ffff-ff00-0000 test
0060-b900-0000 ffff-ff00-0000 Philips/NEC phone
00d0-1e00-0000 ffff-ff00-0000 Pingtel phone
00e0-7500-0000 ffff-ff00-0000 Polycom phone
00e0-bb00-0000 ffff-ff00-0000 3com phone
# Display the current Voice VLAN state.
<DeviceA> display voice vlan state
Voice VLAN status: ENABLE
Voice VLAN ID: 2
Voice VLAN security mode: Security
Voice VLAN aging time: 100 minutes
Voice VLAN enabled port and its mode:
PORT MODE
--------------------------------
Ethernet2/0/1 MANUAL
Chapter 4 GVRP Configuration
GARP VLAN Registration Protocol (GVRP) is a GARP application. It functions based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network.
When configuring GVRP, go to these sections for information you are interested in:
- Displaying and Maintaining GVRP
4.1 Introduction to GVRP
4.1.1 GARP
Generic Attribute Registration Protocol (GARP) provides a mechanism that allows participants in a GARP application to distribute, propagate, and register with other participants in a bridged LAN the attributes specific to the GARP application, such as the VLAN or multicast address attribute.
GARP itself does not exist on a device as an entity. GARP-compliant participants are known as GARP applications. One example is GVRP. When a GARP participant is present on a port on your device, the port is regarded as a GARP participant.
I. GARP messages and timers
1) GARP messages
GARP participants exchange information through the following three types of messages: Join message, Leave message, and LeaveAll message.
- A GARP participant uses Join messages to have its attributes registered on other devices. A GARP participant also sends Join messages to register attributes on other GARP participants when it receives Join messages from other GARP participants or when static attributes are configured on it.
- A GARP participant uses Leave messages to have its attributes deregistered on other devices. A GARP participant also sends Leave messages when it receives Leave messages from other GARP participants or when static attributes are deregistered on it.
- LeaveAll messages are used to deregister all the attributes, so that all the other GARP participants begin to re-register all their attributes. A GARP participant sends LeaveAll messages upon the expiration of the LeaveAll timer, which is started when the GARP participant is created.
Join messages, Leave messages, and LeaveAll messages ensure that the reregistration and deregistration of GARP attributes are performed in an orderly way.
Through message exchange, all attribute information that needs registration propagates to all GARP participants throughout a LAN.
2) GARP timers
The interval of sending of GARP messages is controlled by the following four timers:
- Hold timer: A GARP participant usually does not forward a registration request immediately after receiving it. Instead, it waits for the hold timer to expire. That is, a GARP participant sends Join messages when the hold timer expires. The Join message contains all the registration information received during the latest hold timer cycle. This mechanism saves bandwidth.
- Join timer: Each GARP participant sends a Join message twice for the sake of reliability and uses a join timer to set the sending interval. If the first Join message is not acknowledged after the interval defined by the join timer, the GARP participant sends the second Join message.
- Leave timer: Starts upon receipt of a Leave message sent for deregistering some attribute information. If no Join message is received before this timer expires, the GARP participant removes the attribute information as requested.
- LeaveAll timer: Starts when a GARP participant starts. When this timer expires, the entity sends a LeaveAll message so that other participants can re-register its attribute information. Then the LeaveAll timer starts again.
Note:
- The settings of GARP timers apply to all GARP applications, such as GVRP, on a LAN.
- Unlike the other three timers, which are set on a per-port basis, the LeaveAll timer is set in system view and takes effect globally.
- A GARP participant may send LeaveAll messages at the interval set by its LeaveAll timer or the LeaveAll timer on another device on the network, whichever is smaller. This is because each time a device on the network receives a LeaveAll message it resets its LeaveAll timer.
II. Operating mechanism of GARP
The GARP mechanism allows the configuration of a GARP participant to propagate throughout a LAN quickly. In GARP, a GARP participant registers or deregisters its attributes with other participants by making or withdrawing declarations of attributes and at the same time, based on received declarations or withdrawals, handles attributes of other participants. When a port receives an attribute declaration, it registers the attribute; when a port receives an attribute withdrawal, it deregisters the attribute.
GARP participants send protocol data units (PDUs) with a particular multicast MAC address as the destination. Based on this address, a device can identify the GARP application (GVRP, for example) to which a GARP PDU should be delivered.
III. GARP message format
The following figure illustrates the GARP message format.
Figure 4-1 GARP message format
Table 4-1 describes the GARP message fields.
Table 4-1 Description on the GARP message fields
Field | Description | Value |
---|---|---|
Protocol ID | Protocol identifier for GARP | 1 |
Message | One or multiple messages, each containing an attribute type and an attribute list | - |
Attribute Type | Defined by the concerned GARP application | 0x01 for GVRP, indicating the VLAN ID attribute |
Attribute List | Contains one or multiple attributes | - |
Attribute | Consists of an Attribute Length, an Attribute Event, and an Attribute Value | - |
Attribute Length | Number of octets occupied by an attribute, inclusive of the attribute length field | 2 to 255 (in bytes) |
Attribute Event | Event described by the attribute | 0: LeaveAll event; 1: JoinEmpty event; 2: JoinIn event; 3: LeaveEmpty event; 4: LeaveIn event; 5: Empty event |
Attribute Value | Attribute value | VLAN ID for GVRP. If the Attribute Event is LeaveAll, Attribute Value is omitted. |
End Mark | Indicates the end of a GARP PDU | 0x00 |
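The field layout in Table 4-1, as an added parser example (not code from the manual or the device vendor). The field widths (2-octet Protocol ID, 1-octet Attribute Type, Length and Event, 2-octet VLAN ID) and the end mark that closes each attribute list are taken from the IEEE GARP/GVRP definition rather than from this page. The sample PDU, the allow-list and the function names are constructed for illustration.

```python
import struct

EVENTS = {0: "LeaveAll", 1: "JoinEmpty", 2: "JoinIn",
          3: "LeaveEmpty", 4: "LeaveIn", 5: "Empty"}   # Attribute Event values, Table 4-1
GARP_PROTOCOL_ID = 1     # Protocol ID value from Table 4-1
GVRP_VLAN_ATTR = 0x01    # Attribute Type used by GVRP (VLAN ID attribute)
END_MARK = 0x00

# Constructed GVRP PDU: LeaveAll, JoinIn VLAN 2, JoinEmpty VLAN 3.
SAMPLE_PDU = bytes.fromhex("0001" "01" "0200" "04020002" "04010003" "00" "00")


class GarpParseError(ValueError):
    """Raised when a PDU does not follow the Table 4-1 layout."""


def parse_garp_pdu(data):
    """Return [(attribute_type, [(event_name, value_bytes), ...]), ...]."""
    if len(data) < 2:
        raise GarpParseError("PDU shorter than the Protocol ID field")
    (protocol_id,) = struct.unpack_from("!H", data, 0)    # assumed 2 octets wide
    if protocol_id != GARP_PROTOCOL_ID:
        raise GarpParseError(f"unexpected Protocol ID {protocol_id}")
    pos, messages = 2, []
    while True:
        if pos >= len(data):
            raise GarpParseError("PDU end mark missing")
        if data[pos] == END_MARK:             # end of the PDU; trailing padding is ignored
            return messages
        attr_type, pos = data[pos], pos + 1
        attributes = []
        while True:                           # attribute list, closed by its own end mark
            if pos >= len(data):
                raise GarpParseError("attribute list end mark missing")
            length = data[pos]
            if length == END_MARK:
                pos += 1
                break
            if length < 2 or pos + length > len(data):
                raise GarpParseError(f"bad Attribute Length {length} at offset {pos}")
            event = data[pos + 1]
            if event not in EVENTS:
                raise GarpParseError(f"unknown Attribute Event {event}")
            value = data[pos + 2:pos + length]
            if event == 0 and value:
                raise GarpParseError("LeaveAll must not carry an Attribute Value")
            attributes.append((EVENTS[event], value))
            pos += length
        messages.append((attr_type, attributes))


def gvrp_vlan_events(data):
    """Return [(event_name, vlan_id or None), ...] for the GVRP VLAN attribute."""
    events = []
    for attr_type, attributes in parse_garp_pdu(data):
        if attr_type != GVRP_VLAN_ATTR:
            continue
        for event, value in attributes:
            if event == "LeaveAll":
                events.append((event, None))
                continue
            if len(value) != 2:
                raise GarpParseError("GVRP Attribute Value must be a 2-octet VLAN ID")
            vlan = int.from_bytes(value, "big")
            if not 1 <= vlan <= 4094:
                raise GarpParseError(f"VLAN ID {vlan} out of range")
            events.append((event, vlan))
    return events


def unexpected_vlan_joins(data, allowed_vlans):
    """VLAN IDs declared with JoinEmpty/JoinIn that are outside an operator allow-list."""
    return sorted({vlan for event, vlan in gvrp_vlan_events(data)
                   if event in ("JoinEmpty", "JoinIn") and vlan not in allowed_vlans})


if __name__ == "__main__":
    print(gvrp_vlan_events(SAMPLE_PDU))
    print(unexpected_vlan_joins(SAMPLE_PDU, {2}))
```

Run over captured GVRP PDUs from a trunk port, `unexpected_vlan_joins` shows which dynamically declared VLANs fall outside the set the operator expects on that link.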
4.1.2 GVRP
GVRP enables a device to propagate local VLAN registration information to other participant devices and dynamically update the VLAN registration information from other devices to its local database about active VLAN members and through which port they can be reached. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other devices.
GVRP provides the following three registration types on a port:
- Normal: Enables the port to dynamically register and deregister VLANs, and to propagate both dynamic and static VLAN information.
- Forbidden: Prevents the port from dynamically registering and deregistering VLANs and from propagating any VLAN information other than that of VLAN 1. A trunk port with the forbidden registration type thus allows only VLAN 1 to pass through even though it is configured to carry all VLANs.
4.1.3 Protocols and Standards
GVRP is described in IEEE 802.1Q.
4.2 Configuring GVRP
Note:
GVRP can only be configured on trunk ports.
Complete the following tasks to configure GVRP:
Task |
Remarks |
Required |
|
Optional |
4.2.1 Enabling GVRP
Follow these steps to enable GVRP on a trunk port:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | - |
Enable GVRP globally | gvrp | Required. Globally disabled by default. |
Enter Ethernet port view or port-group view: Enter Ethernet port view | interface interface-type interface-number | Required. Perform either of the operations. Depending on the view you accessed, the subsequent configuration takes effect on a port or all ports in a port-group. |
Enter Ethernet port view or port-group view: Enter port-group view | port-group { aggregation agg-id \| manual port-group-name } | |
Enable GVRP on the port | gvrp | Required. Disabled by default. |
Configure the GVRP registration mode on the port | gvrp registration { fixed \| forbidden \| normal } | Optional. The default is normal. |
Note:
Because GVRP is not compatible with the BPDU tunneling feature, you must disable BPDU tunneling before enabling GVRP on a BPDU tunneling-enabled Ethernet port.
4.2.2 Configuring GARP Timers
Follow these steps to configure GARP timers:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | - |
Configure the GARP LeaveAll timer | garp timer leaveall timer-value | Optional. The default is 1000 centiseconds. |
Enter Ethernet port view or port-group view: Enter Ethernet port view | interface interface-type interface-number | Required. Perform either of the operations. Depending on the view you accessed, the subsequent configuration takes effect on a port or all ports in a port-group. |
Enter Ethernet port view or port-group view: Enter port-group view | port-group { manual port-group-name \| aggregation agg-id } | |
Configure the hold timer, join timer, and leave timer | garp timer { hold \| join \| leave } timer-value | Optional. The default is 10 centiseconds for the hold timer, 20 centiseconds for the join timer, and 60 centiseconds for the leave timer. |
As for the GARP timers, note that:
- The setting of each timer must be a multiple of five (in centiseconds).
- The settings of the timers are correlated. If you fail to set a timer to a certain value, you can try to adjust the settings of the other timers. Table 4-2 shows the relationship of the timers.
Table 4-2 Dependencies of GARP timers
Timer | Lower limit | Upper limit |
---|---|---|
Hold | 10 centiseconds | Not greater than half of the join timer setting |
Join | Not less than two times the hold timer setting | Less than half of the leave timer setting |
Leave | Greater than two times the join timer setting | Less than the LeaveAll timer setting |
LeaveAll | Greater than the leave timer setting | 32765 centiseconds |
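Because the limits in Table 4-2 depend on each other, the order in which timers are changed matters. The following added example (not from the manual) validates a timer set against the table and searches for an order of single-timer changes in which every intermediate state is valid. It assumes the device checks each new value against the current values of the other timers, and the function names are hypothetical.

```python
from itertools import permutations

TIMERS = ("hold", "join", "leave", "leaveall")
# Default values from section 4.2.2, in centiseconds.
DEFAULTS = {"hold": 10, "join": 20, "leave": 60, "leaveall": 1000}


def check_timers(t):
    """Return the list of Table 4-2 rules that the timer set `t` violates."""
    errors = [f"{name} is not a multiple of 5" for name in TIMERS if t[name] % 5]
    if t["hold"] < 10:
        errors.append("hold is below 10 centiseconds")
    if 2 * t["hold"] > t["join"]:           # hold <= join / 2, join >= 2 * hold
        errors.append("hold exceeds half of join")
    if 2 * t["join"] >= t["leave"]:         # join < leave / 2, leave > 2 * join
        errors.append("join is not less than half of leave")
    if t["leave"] >= t["leaveall"]:         # leave < leaveall
        errors.append("leave is not less than leaveall")
    if t["leaveall"] > 32765:
        errors.append("leaveall exceeds 32765 centiseconds")
    return errors


def change_order(current, target):
    """Return an order in which to change timers so every step passes check_timers.

    Returns [] if nothing changes and None if the target is invalid or no order
    of single-timer changes avoids an invalid intermediate state.
    """
    if check_timers(target):
        return None
    changed = [name for name in TIMERS if current[name] != target[name]]
    for order in permutations(changed):
        state = dict(current)
        for name in order:
            state[name] = target[name]
            if check_timers(state):
                break                       # this order hits an invalid state
        else:
            return list(order)
    return None


if __name__ == "__main__":
    wanted = {"hold": 20, "join": 50, "leave": 150, "leaveall": 1000}  # constructed target
    print(check_timers(DEFAULTS))
    print(change_order(DEFAULTS, wanted))
```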
4.3 Displaying and Maintaining GVRP
To do… | Use the command… | Remarks |
---|---|---|
Display statistics about GARP | display garp statistics [ interface interface-list ] | Available in any view |
Display GARP timers for specified or all ports | display garp timer [ interface interface-list ] | Available in any view |
Display the local VLAN information maintained by GVRP | display gvrp local-vlan interface interface-type interface-number | Available in any view |
Display the current GVRP state | display gvrp state interface interface-type interface-number vlan vlan-id | Available in any view |
Display statistics about GVRP | display gvrp statistics [ interface interface-list ] | Available in any view |
Display the global GVRP state | display gvrp status | Available in any view |
Display the information about dynamic VLAN operations performed on a port | display gvrp vlan-operation interface interface-type interface-number | Available in any view |
Clear the GARP statistics | reset garp statistics [ interface interface-list ] | Available in user view |
4.4 GVRP Configuration Examples
4.4.1 GVRP Configuration Example I
I. Network requirements
Configure GVRP for dynamic VLAN information registration and update among devices, adopting the normal registration mode on ports.
II. Network diagram
Figure 4-2 Network diagram for GVRP configuration
III. Configuration procedure
1) Configure Device A
# Enable GVRP globally.
<DeviceA> system-view
[DeviceA] gvrp
# Configure port Ethernet 2/0/1 as a trunk port, allowing all VLANs to pass.
[DeviceA] interface ethernet 2/0/1
[DeviceA-Ethernet2/0/1] port link-type trunk
[DeviceA-Ethernet2/0/1] port trunk permit vlan all
# Enable GVRP on the port.
[DeviceA-Ethernet2/0/1] gvrp
[DeviceA-Ethernet2/0/1] quit
# Create VLAN 2 (a static VLAN).
[DeviceA] vlan 2
2) Configure Device B
# Enable GVRP globally.
<DeviceB> system-view
[DeviceB] gvrp
# Configure port Ethernet 2/0/1 as a trunk port, allowing all VLANs to pass.
[DeviceB] interface ethernet 2/0/1
[DeviceB-Ethernet2/0/1] port link-type trunk
[DeviceB-Ethernet2/0/1] port trunk permit vlan all
# Enable GVRP on the port.
[DeviceB-Ethernet2/0/1] gvrp
[DeviceB-Ethernet2/0/1] quit
# Create VLAN 3 (a static VLAN).
[DeviceB] vlan 3
3) Verify the configuration
# Display dynamic VLAN information on Device A.
[DeviceA] display vlan dynamic
Now, the following dynamic VLAN exist(s):
3
# Display dynamic VLAN information on Device B.
[DeviceB] display vlan dynamic
Now, the following dynamic VLAN exist(s):
2
4.4.2 GVRP Configuration Example II
I. Network requirements
Configure GVRP for dynamic VLAN information registration and update among devices. Specify fixed GVRP registration on Device A and normal GVRP registration on Device B.
II. Network diagram
Figure 4-3 Network diagram for GVRP configuration
III. Configuration procedure
1) Configure Device A
# Enable GVRP globally.
<DeviceA> system-view
[DeviceA] gvrp
# Configure port Ethernet 2/0/1 as a trunk port, allowing all VLANs to pass.
[DeviceA] interface ethernet 2/0/1
[DeviceA-Ethernet2/0/1] port link-type trunk
[DeviceA-Ethernet2/0/1] port trunk permit vlan all
# Enable GVRP on the port.
[DeviceA-Ethernet2/0/1] gvrp
# Set the GVRP registration type to fixed on the port.
[DeviceA-Ethernet2/0/1] gvrp registration fixed
[DeviceA-Ethernet2/0/1] quit
# Create VLAN 2 (a static VLAN).
[DeviceA] vlan 2
2) Configure Device B
# Enable GVRP globally.
<DeviceB> system-view
[DeviceB] gvrp
# Configure port Ethernet 2/0/1 as a trunk port, allowing all VLANs to pass.
[DeviceB] interface ethernet 2/0/1
[DeviceB-Ethernet2/0/1] port link-type trunk
[DeviceB-Ethernet2/0/1] port trunk permit vlan all
# Enable GVRP on the port.
[DeviceB-Ethernet2/0/1] gvrp
[DeviceB-Ethernet2/0/1] quit
# Create VLAN 3 (a static VLAN).
[DeviceB] vlan 3
3) Verify the configuration
# Display dynamic VLAN information on Device A.
[DeviceA] display vlan dynamic
No dynamic vlans exist!
# Display dynamic VLAN information on Device B.
[DeviceB] display vlan dynamic
Now, the following dynamic VLAN exist(s):
2
4.4.3 GVRP Configuration Example III
I. Network requirements
To prevent dynamic VLAN information registration and update among devices, set the GVRP registration mode to forbidden on Device A and normal on Device B.
II. Network diagram
Figure 4-4 Network diagram for GVRP configuration
III. Configuration procedure
1) Configure Device A
# Enable GVRP globally.
<DeviceA> system-view
[DeviceA] gvrp
# Configure port Ethernet 2/0/1 as a trunk port, allowing all VLANs to pass.
[DeviceA] interface ethernet 2/0/1
[DeviceA-Ethernet2/0/1] port link-type trunk
[DeviceA-Ethernet2/0/1] port trunk permit vlan all
# Enable GVRP on the port.
[DeviceA-Ethernet2/0/1] gvrp
# Set the GVRP registration type to forbidden on the port.
[DeviceA-Ethernet2/0/1] gvrp registration forbidden
[DeviceA-Ethernet2/0/1] quit
# Create VLAN 2 (a static VLAN).
[DeviceA] vlan 2
2) Configure Device B
# Enable GVRP globally.
<DeviceB> system-view
[DeviceB] gvrp
# Configure port Ethernet 2/0/1 as a trunk port, allowing all VLANs to pass.
[DeviceB] interface ethernet 2/0/1
[DeviceB-Ethernet2/0/1] port link-type trunk
[DeviceB-Ethernet2/0/1] port trunk permit vlan all
# Enable GVRP on the port.
[DeviceB-Ethernet2/0/1] gvrp
[DeviceB-Ethernet2/0/1] quit
# Create VLAN 3 (a static VLAN).
[DeviceB] vlan 3
3) Verify the configuration
# Display dynamic VLAN information on Device A.
[DeviceA] display vlan dynamic
No dynamic vlans exist!
# Display dynamic VLAN information on Device B.
[DeviceB] display vlan dynamic
No dynamic vlans exist!