- Table of Contents
Configuring the MAC address table
How a MAC address entry is created
Command and hardware compatibility
MAC address table configuration task list
Configuring MAC address entries
Adding or modifying a static or dynamic MAC address entry globally
Adding or modifying a static or dynamic MAC address entry on an interface
Adding or modifying a blackhole MAC address entry
Disabling MAC address learning
Disabling global MAC address learning
Disabling MAC address learning on interfaces
Setting the aging timer for dynamic MAC address entries
Setting the MAC learning limit on interfaces
Assigning MAC learning priority to interfaces
Configuring MAC address move notifications and suppression
Enabling SNMP notifications for the MAC address table
Displaying and maintaining the MAC address table
MAC address table configuration example
Configuring Ethernet link aggregation
Aggregation group, member port, and aggregate interface
Aggregation states of member ports in an aggregation group
How static link aggregation works
How dynamic link aggregation works
Load sharing modes for link aggregation groups
Ethernet link aggregation configuration task list
Configuring a Layer 2 aggregation group
Configuration restrictions and guidelines
Configuring a Layer 2 static aggregation group
Configuring a Layer 2 dynamic aggregation group
Configuring an aggregate interface
Setting the description for an aggregate interface
Setting the minimum and maximum numbers of Selected ports for an aggregation group
Setting the expected bandwidth for an aggregate interface
Shutting down an aggregate interface
Restoring the default settings for an aggregate interface
Configuring load sharing for link aggregation groups
Setting load sharing modes for link aggregation groups
Enabling local-first load sharing for link aggregation
Enabling link-aggregation traffic redirection
Configuration restrictions and guidelines
Displaying and maintaining Ethernet link aggregation
Ethernet link aggregation configuration examples
Layer 2 static aggregation configuration example
Layer 2 dynamic aggregation configuration example
Layer 2 aggregation load sharing configuration example
Configuring basic VLAN settings
Configuring basic settings of a VLAN interface
Assigning an access port to a VLAN
Assigning a trunk port to a VLAN
Assigning a hybrid port to a VLAN
Displaying and maintaining VLANs
Loop detection configuration task list
Enabling loop detection globally
Enabling loop detection on a port
Setting the loop protection action
Setting the global loop protection action
Setting the loop protection action on a Layer 2 Ethernet interface
Setting the loop protection action on a Layer 2 aggregate interface
Setting the loop detection interval
Displaying and maintaining loop detection
Loop detection configuration example
Configuring spanning tree protocols
Calculation process of the STP algorithm
MSTP implementation on devices
Command and hardware compatibility
Spanning tree configuration task lists
Setting the spanning tree mode
Configuring the root bridge or a secondary root bridge
Configuring the current device as the root bridge of a specific spanning tree
Configuring the current device as a secondary root bridge of a specific spanning tree
Configuring the device priority
Configuring the maximum hops of an MST region
Configuring the network diameter of a switched network
Configuration restrictions and guidelines
Configuring the BPDU transmission rate
Configuration restrictions and guidelines
Configuring path costs of ports
Specifying a standard for the device to use when it calculates the default path cost
Configuring path costs of ports
Configuring the port link type
Configuration restrictions and guidelines
Configuring the mode a port uses to recognize and send MSTP frames
Enabling outputting port state transition information
Enabling the spanning tree feature
Enabling the spanning tree feature in STP/RSTP/MSTP mode
Enabling the spanning tree feature in PVST mode
Configuration restrictions and guidelines
Performing mCheck in interface view
Disabling inconsistent PVID protection
Configuration restrictions and guidelines
Configuring No Agreement Check
Configuration restrictions and guidelines
Configuring protection features
Configuring port role restriction
Configuring TC-BPDU transmission restriction
Enabling SNMP notifications for new-root election and topology change events
Displaying and maintaining the spanning tree
Performing basic LLDP configurations
Setting the LLDP operating mode
Setting the LLDP reinitialization delay
Configuring the advertisable TLVs
Configuring the management address and its encoding format
Setting an encapsulation format for LLDP frames
Disabling LLDP PVID inconsistency check
Configuring LLDP trapping and LLDP-MED trapping
Displaying and maintaining LLDP
Basic LLDP configuration example
Configuring Layer 2 forwarding
Command and hardware compatibility
Configuring normal Layer 2 forwarding
Displaying and maintaining normal Layer 2 forwarding
Configuring fast Layer 2 forwarding
Displaying and maintaining fast Layer 2 forwarding
VLAN termination application scenarios
Feature and hardware compatibility
Configuration restrictions and guidelines
VLAN termination configuration task list
Configuring ambiguous Dot1q termination
Configuring unambiguous Dot1q termination
Configuring ambiguous QinQ termination
Configuring unambiguous QinQ termination
Configuring untagged termination
Configuring default termination
Enabling a VLAN termination-enabled interface to transmit broadcasts and multicasts
VLAN termination configuration examples
Unambiguous Dot1q termination configuration example
Ambiguous Dot1q termination configuration example
Configuration example for Dot1q termination supporting PPPoE server
Unambiguous QinQ termination configuration example
Ambiguous QinQ termination configuration example
Assigning a port to the isolation group
Displaying and maintaining port isolation
Port isolation configuration example
Configuring the MAC address table
Overview
An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table.
· The device forwards the frame out of the outgoing interface in the matching entry if a match is found.
· The device floods the frame in the VLAN of the frame if no match is found.
How a MAC address entry is created
The entries in the MAC address table include entries automatically learned by the device and entries manually added.
MAC address learning
The device can automatically populate its MAC address table by learning the source MAC addresses of incoming frames on each interface.
The device performs the following operations to learn the source MAC address of incoming packets:
1. Checks the source MAC address (for example, MAC-SOURCE) of the frame.
2. Looks up the source MAC address in the MAC address table.
○ The device updates the entry if an entry is found.
○ The device adds an entry for MAC-SOURCE and the incoming port if no entry is found.
When the device receives a frame destined for MAC-SOURCE after learning this source MAC address, the device performs the following operations:
1. Finds the MAC-SOURCE entry in the MAC address table.
2. Forwards the frame out of the port in the entry.
The device performs the learning process for each incoming frame with an unknown source MAC address until the table is fully populated.
Manually configuring MAC address entries
Dynamic MAC address learning does not distinguish between illegitimate and legitimate frames, which can invite security hazards. When Host A is connected to port A, a MAC address entry will be learned for the MAC address of Host A (for example, MAC A). When an illegal user sends frames with MAC A as the source MAC address to port B, the device performs the following operations:
1. Learns a new MAC address entry with port B as the outgoing interface and overwrites the old entry for MAC A.
2. Forwards frames destined for MAC A out of port B to the illegal user.
As a result, the illegal user obtains the data of Host A. To improve the security for Host A, manually configure a static entry to bind Host A to port A. Then, the frames destined for Host A are always sent out of port A. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A.
Types of MAC address entries
A MAC address table can contain the following types of entries:
· Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one.
· Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface. A dynamic entry might age out. A manually configured dynamic entry has the same priority as a dynamically learned one.
· Blackhole entries—A blackhole entry is manually configured and never ages out. A blackhole entry is configured for filtering out frames with a specific destination MAC address. For example, to block all frames destined for a user, you can configure the MAC address of the user as a blackhole MAC address entry. A blackhole entry has higher priority than a dynamically learned one.
A static or blackhole MAC address entry can overwrite a dynamic MAC address entry, but not vice versa. A static MAC address and a blackhole MAC address cannot overwrite each other.
Command and hardware compatibility
The WX1800H series access controllers do not support the slot keyword or the slot-number argument.
MAC address table configuration task list
The configuration tasks discussed in the following sections can be performed in any order.
This document covers only the configuration of MAC address entries, including static, dynamic, and blackhole MAC address entries.
To configure the MAC address table, perform the following tasks:
Configuring MAC address entries
Configuration guidelines
· You cannot add a dynamic MAC address entry if a learned entry already exists with a different outgoing interface for the MAC address.
· The manually configured static and blackhole MAC address entries cannot survive a reboot if you do not save the configuration. The manually configured dynamic MAC address entries are lost upon reboot whether or not you save the configuration.
A frame whose source MAC address matches different types of MAC address entries is processed differently.
Type | Description |
---|---|
Static MAC address entry | Forwards the frame according to the destination MAC address regardless of whether the frame's ingress interface is the same as that in the entry. |
Dynamic MAC address entry | · Learns the MAC address of the frames received on a different interface from that in the entry and overwrites the original entry. · Forwards the frame received on the same interface as that in the entry and updates the aging timer for the entry. |
Adding or modifying a static or dynamic MAC address entry globally
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Add or modify a static or dynamic MAC address entry. | mac-address { dynamic \| static } mac-address interface interface-type interface-number vlan vlan-id | By default, no MAC address entry is configured globally. Make sure you have created the VLAN and assigned the interface to the VLAN. |
Adding or modifying a static or dynamic MAC address entry on an interface
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | · Enter Layer 2 Ethernet interface view: · Enter Layer 2 aggregate interface view: | N/A |
3. Add or modify a static or dynamic MAC address entry. | mac-address { dynamic \| static } mac-address vlan vlan-id | By default, no MAC address entry is configured on the interface. Make sure you have created the VLAN and assigned the interface to the VLAN. |
Adding or modifying a blackhole MAC address entry
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Add or modify a blackhole MAC address entry. | mac-address blackhole mac-address vlan vlan-id | By default, no blackhole MAC address entry is configured. Make sure you have created the VLAN. |
Disabling MAC address learning
MAC address learning is enabled by default. To prevent the MAC address table from being saturated when the device is experiencing attacks, disable MAC address learning. For example, you can disable MAC address learning to prevent the device from being attacked by a large number of frames with different source MAC addresses.
After MAC address learning is disabled, existing dynamic MAC address entries will age out.
Disabling global MAC address learning
Disabling global MAC address learning disables MAC address learning on all interfaces. The device stops learning MAC addresses.
To disable global MAC address learning:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Disable global MAC address learning. | undo mac-address mac-learning enable | By default, global MAC address learning is enabled. |
Disabling MAC address learning on interfaces
When global MAC address learning is enabled, you can disable MAC address learning on a single interface.
To disable MAC address learning on an interface:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | · Enter Layer 2 Ethernet interface view: · Enter Layer 2 aggregate interface view: | N/A |
3. Disable MAC address learning on the interface. | undo mac-address mac-learning enable | By default, MAC address learning on the interface is enabled. |
Setting the aging timer for dynamic MAC address entries
For security and efficient use of table space, the MAC address table uses an aging timer for each dynamic MAC address entry. If a dynamic MAC address entry is not updated before the aging timer expires, the device deletes the entry. This aging mechanism ensures that the MAC address table can promptly update to accommodate latest network topology changes.
A stable network requires a longer aging interval, and an unstable network requires a shorter aging interval.
An aging interval that is too long might cause the MAC address table to retain outdated entries. As a result, the MAC address table resources might be exhausted, and the MAC address table might fail to update its entries to accommodate the latest network changes.
An interval that is too short might result in removal of valid entries, which would cause unnecessary floods and possibly affect the device performance.
To reduce floods on a stable network, set a long aging timer or disable the timer to prevent dynamic entries from unnecessarily aging out. Reducing floods improves the network performance. Reducing flooding also improves the security because it reduces the chances for a data frame to reach unintended destinations.
To set the aging timer for dynamic MAC address entries:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the aging timer for dynamic MAC address entries. | mac-address timer { aging seconds \| no-aging } | The default setting is 300 seconds. The no-aging keyword disables the aging timer. |
Setting the MAC learning limit on interfaces
This feature limits the MAC address table size. A large MAC address table will degrade forwarding performance.
To set the MAC learning limit on an interface:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | · Enter Layer 2 Ethernet interface view: · Enter Layer 2 aggregate interface view: | N/A |
3. Set the MAC learning limit on the interface. | mac-address max-mac-count count | By default, the MAC learning limit is the device-specific maximum value for the count argument. For more information, see Layer 2—LAN Switching Command Reference. |
Configuring the device to forward unknown frames after the MAC learning limit on an interface is reached
You can enable or disable forwarding of unknown frames after the MAC learning limit on an interface is reached.
In this document, unknown frames refer to frames whose source MAC addresses are not in the MAC address table.
To configure the device to forward unknown frames received on the interface after the MAC learning limit on the interface is reached:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | · Enter Layer 2 Ethernet interface view. · Enter Layer 2 aggregate interface view. | N/A |
3. Configure the device to forward unknown frames received on the interface after the MAC learning limit on the interface is reached. | mac-address max-mac-count enable-forwarding | By default, the device can forward unknown frames received on an interface after the MAC learning limit on the interface is reached. |
Assigning MAC learning priority to interfaces
The MAC learning priority mechanism assigns either low priority or high priority to an interface. An interface with high priority can learn MAC addresses as usual. However, an interface with low priority is not allowed to learn MAC addresses already learned on a high-priority interface.
The MAC learning priority mechanism can help defend your network against MAC address spoofing attacks. In a network that performs MAC-based forwarding, the MAC address of an upper layer device might be learned by a downlink interface because of a loop or an attack on the downlink interface. To avoid this problem, perform the following tasks:
· Assign high MAC learning priority to an uplink interface.
· Assign low MAC learning priority to a downlink interface.
To assign MAC learning priority to an interface:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | · Enter Layer 2 Ethernet interface view: · Enter Layer 2 aggregate interface view: | N/A |
3. Assign MAC learning priority to the interface. | mac-address mac-learning priority { high \| low } | By default, low MAC learning priority is used. |
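
The overwrite rules from "Manually configuring MAC address entries" and "Types of MAC address entries", together with the learning priority rule above, can be checked with a small model. The following Python sketch is an added example, not H3C code; the class and function names, the port labels, and the upstream MAC address are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Kind(Enum):
    DYNAMIC = "dynamic"
    STATIC = "static"
    BLACKHOLE = "blackhole"


@dataclass
class Entry:
    kind: Kind
    port: Optional[str]  # None for a blackhole entry (no outgoing interface)


class MacTable:
    """Toy model of the table rules described in this chapter (not device code)."""

    def __init__(self, high_priority_ports=()):
        self.entries = {}                     # (vlan, mac) -> Entry
        self.high = set(high_priority_ports)  # every other port is low priority

    def _add_manual(self, kind, mac, vlan, port):
        cur = self.entries.get((vlan, mac))
        # A static entry and a blackhole entry cannot overwrite each other.
        if cur and cur.kind is not Kind.DYNAMIC and cur.kind is not kind:
            return False
        self.entries[(vlan, mac)] = Entry(kind, port)
        return True

    def add_static(self, mac, port, vlan):
        return self._add_manual(Kind.STATIC, mac, vlan, port)

    def add_blackhole(self, mac, vlan):
        return self._add_manual(Kind.BLACKHOLE, mac, vlan, None)

    def learn(self, src_mac, in_port, vlan):
        """Source-MAC learning for one received frame. True if the table changed."""
        key = (vlan, src_mac)
        cur = self.entries.get(key)
        if cur is None:
            self.entries[key] = Entry(Kind.DYNAMIC, in_port)
            return True
        if cur.kind is not Kind.DYNAMIC:
            return False  # learning never overwrites a static or blackhole entry
        if cur.port == in_port:
            return False  # same port: only the aging timer would be refreshed
        if cur.port in self.high and in_port not in self.high:
            return False  # a low-priority port cannot take over the address
        cur.port = in_port  # MAC move: the entry now points at the new port
        return True

    def forward(self, dst_mac, vlan):
        cur = self.entries.get((vlan, dst_mac))
        if cur is None:
            return "flood"
        if cur.kind is Kind.BLACKHOLE:
            return "drop"
        return cur.port


HOST_A = "000f-e235-dc71"    # Host A's MAC address from the configuration example
UPSTREAM = "0000-5e00-5301"  # constructed MAC address for an upstream device
VLAN = 1


def spoof_scenario(static_binding):
    """Host A is on portA; a forged frame with Host A's source MAC arrives on portB."""
    table = MacTable()
    if static_binding:
        table.add_static(HOST_A, "portA", VLAN)
    table.learn(HOST_A, "portA", VLAN)
    table.learn(HOST_A, "portB", VLAN)
    return table.forward(HOST_A, VLAN)  # where frames for Host A are sent now


def uplink_scenario(uplink_high):
    """An upstream MAC is learned on the uplink, then shows up on a downlink."""
    table = MacTable(high_priority_ports={"uplink"} if uplink_high else ())
    table.learn(UPSTREAM, "uplink", VLAN)
    table.learn(UPSTREAM, "downlink", VLAN)
    return table.forward(UPSTREAM, VLAN)


if __name__ == "__main__":
    print("dynamic only  ->", spoof_scenario(False))
    print("static entry  ->", spoof_scenario(True))
    print("all low prio  ->", uplink_scenario(False))
    print("uplink high   ->", uplink_scenario(True))
```
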
Configuring MAC address move notifications and suppression
The outgoing interface for a MAC address entry learned on interface A is changed to interface B when the following conditions exist:
· Interface B receives a packet with the MAC address as the source MAC address.
· Interface B belongs to the same VLAN as interface A.
In this case, the MAC address is moved from interface A to interface B, and a MAC address move occurs.
If a MAC address is continuously moved between the two interfaces, Layer 2 loops might occur. To detect and locate loops, you can view the MAC address move information. To display the MAC address move records after the device is started, use the display mac-address mac-move command.
If the system detects that MAC address moves occur frequently on an interface, you can configure MAC address move suppression to shut the interface down. The interface automatically goes up after a suppression interval, or you can manually bring it up.
To configure MAC address move notifications and MAC address move suppression:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable MAC address move notifications and optionally specify a MAC move detection interval. | mac-address notification mac-move [ interval interval-value ] | By default, MAC address move notifications are disabled. If you do not specify a detection interval, the default setting of 1 minute is used. After you execute this command, the system sends only log messages to the information center module. If the device is also configured with the snmp-agent trap enable mac-address command, the system also sends SNMP notifications to the SNMP module. |
3. (Optional.) Set MAC address move suppression parameters. | mac-address notification mac-move suppression { interval interval-value \| threshold threshold-value } | By default, the suppression interval is 30 seconds, and the suppression threshold is 3. |
4. Enter interface view. | · Enter Layer 2 Ethernet interface view: · Enter Layer 2 aggregate interface view: | N/A |
5. Enable MAC address move suppression. | | By default, MAC address move suppression is disabled. |
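
The move detection and suppression behavior described above can be reproduced offline against a record of learning events, which is useful when reviewing whether the default interval and threshold fit a network. The following Python sketch is an added example, not H3C code. It assumes that a move is counted against the interface the address moved to and that the interface is shut down when the count within one detection interval reaches the threshold; the event list is constructed.

```python
from collections import defaultdict, deque

DETECT_INTERVAL = 60    # seconds; the default detection interval (1 minute)
SUPPRESS_INTERVAL = 30  # seconds; the default suppression interval
THRESHOLD = 3           # the default suppression threshold


def analyze_moves(events, suppression_ports=frozenset()):
    """Replay time-ordered (time, vlan, mac, port) learning events.

    Returns (moves, shutdowns):
      moves     - (time, vlan, mac, old_port, new_port) for every MAC move
      shutdowns - (time, port, up_again_at) for every suppression action
    Assumption: moves are counted per destination port, and suppression
    triggers when the count inside DETECT_INTERVAL reaches THRESHOLD.
    """
    location = {}                 # (vlan, mac) -> port currently in the table
    recent = defaultdict(deque)   # port -> timestamps of recent moves onto it
    down_until = {}               # port -> time at which it comes back up
    moves, shutdowns = [], []

    for t, vlan, mac, port in events:
        if down_until.get(port, 0) > t:
            continue              # interface is shut down, nothing is learned
        key = (vlan, mac)
        old = location.get(key)
        location[key] = port
        if old is None or old == port:
            continue              # first learning or a refresh, not a move
        moves.append((t, vlan, mac, old, port))

        window = recent[port]
        window.append(t)
        while window and window[0] <= t - DETECT_INTERVAL:
            window.popleft()      # forget moves older than one interval
        if port in suppression_ports and len(window) >= THRESHOLD:
            down_until[port] = t + SUPPRESS_INTERVAL
            shutdowns.append((t, port, t + SUPPRESS_INTERVAL))
            window.clear()

    return moves, shutdowns


FLAPPING = "000f-e235-dc71"  # MAC address reused from the configuration example
STABLE = "0000-5e00-5310"    # constructed MAC address that never moves

# Constructed sample: one address flaps between two ports, as in a loop.
SAMPLE_EVENTS = [
    (0, 1, FLAPPING, "GE1/0/1"),
    (1, 1, STABLE, "GE1/0/3"),
    (2, 1, FLAPPING, "GE1/0/2"),
    (4, 1, FLAPPING, "GE1/0/1"),
    (6, 1, FLAPPING, "GE1/0/2"),
    (8, 1, FLAPPING, "GE1/0/1"),
    (10, 1, FLAPPING, "GE1/0/2"),
    (12, 1, FLAPPING, "GE1/0/1"),
    (14, 1, FLAPPING, "GE1/0/2"),
    (20, 1, STABLE, "GE1/0/3"),
    (45, 1, FLAPPING, "GE1/0/2"),
]

if __name__ == "__main__":
    moves, shutdowns = analyze_moves(SAMPLE_EVENTS, {"GE1/0/2"})
    for m in moves:
        print("move", m)
    for s in shutdowns:
        print("shutdown", s)
```
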
Enabling SNMP notifications for the MAC address table
After you enable SNMP notifications for the MAC address table, the device will send SNMP notifications to the SNMP module to notify the NMS of important events. You can set the notification sending parameters in SNMP to determine the attributes of sending notifications.
After you disable SNMP notifications for the MAC address table, the device will send only log messages to the information center module. You can set the output rules and destinations to examine the log messages of the MAC address table module.
For more information about SNMP notifications and information center, see Network Management and Monitoring Configuration Guide.
To enable SNMP notifications for the MAC address table:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable SNMP notifications for the MAC address table. | snmp-agent trap enable mac-address [ mac-move ] | By default, SNMP notifications are enabled for the MAC address table. When SNMP notifications are disabled for the MAC address table, syslog messages are sent to notify important events on the MAC address table module. |
Displaying and maintaining the MAC address table
Execute display commands in any view.
Task | Command |
---|---|
Display MAC address table information. | display mac-address [ mac-address [ vlan vlan-id ] \| [ [ dynamic \| static ] [ interface interface-type interface-number ] \| blackhole ] [ vlan vlan-id ] [ count ] ] |
Display the aging timer for dynamic MAC address entries. | display mac-address aging-time |
Display the system or interface MAC address learning state. | display mac-address mac-learning [ interface interface-type interface-number ] |
Display the MAC address move records. | |
MAC address table configuration example
Network requirements
As shown in Figure 1:
· Host A at MAC address 000f-e235-dc71 is connected to interface GigabitEthernet 1/0/1 of the AC and belongs to VLAN 1.
· Host B at MAC address 000f-e235-abcd, which behaved suspiciously on the network, also belongs to VLAN 1.
Configure the MAC address table as follows:
· To prevent MAC address spoofing, add a static entry for Host A in the MAC address table of the AC.
· To drop all frames destined for Host B, add a blackhole MAC address entry for Host B.
· Set the aging timer to 500 seconds for dynamic MAC address entries.
Configuration procedure
# Add a static MAC address entry for MAC address 000f-e235-dc71 on GigabitEthernet 1/0/1 that belongs to VLAN 1.
<AC> system-view
[AC] mac-address static 000f-e235-dc71 interface gigabitethernet 1/0/1 vlan 1
# Add a blackhole MAC address entry for MAC address 000f-e235-abcd that belongs to VLAN 1.
[AC] mac-address blackhole 000f-e235-abcd vlan 1
# Set the aging timer to 500 seconds for dynamic MAC address entries.
[AC] mac-address timer aging 500
Verifying the configuration
# Display the static MAC address entries for interface GigabitEthernet 1/0/1.
[AC] display mac-address static interface gigabitethernet 1/0/1
MAC Address      VLAN ID    State        Port/NickName    Aging
000f-e235-dc71   1          Static       GE1/0/1          N
# Display the blackhole MAC address entries.
[AC] display mac-address blackhole
MAC Address      VLAN ID    State        Port/NickName    Aging
000f-e235-abcd   1          Blackhole    N/A              N
# Display the aging time of dynamic MAC address entries.
[AC] display mac-address aging-time
MAC address aging time: 500s.
Configuring Ethernet link aggregation
Overview
Ethernet link aggregation bundles multiple physical Ethernet links into one logical link called an aggregate link.
Link aggregation has the following benefits:
· Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.
· Improved link reliability. The member ports dynamically back up one another. When a member port fails, its traffic is automatically switched to other member ports.
As shown in Figure 2, Device A and Device B are connected by three physical Ethernet links. These physical Ethernet links are combined into an aggregate link called link aggregation 1. The bandwidth of this aggregate link can reach up to the total bandwidth of the three physical Ethernet links. At the same time, the three Ethernet links back up one another. When a physical Ethernet link fails, the traffic previously transmitted on the failed link is switched to the other two links.
Figure 2 Ethernet link aggregation diagram
Aggregation group, member port, and aggregate interface
An aggregation group is a group of Ethernet interfaces bundled together. These Ethernet interfaces are called member ports of the aggregation group. Each aggregation group has a corresponding logical interface (called an aggregate interface).
When an aggregate interface is created, the device automatically creates an aggregation group of the same type and number as the aggregate interface.
The port rate of an aggregate interface equals the total rate of its Selected member ports. Its duplex mode is the same as that of the Selected member ports. For more information about Selected member ports, see "Aggregation states of member ports in an aggregation group."
Aggregation states of member ports in an aggregation group
A member port in an aggregation group can be in any of the following aggregation states:
· Selected—A Selected port can forward traffic.
· Unselected—An Unselected port cannot forward traffic.
Operational key
When aggregating ports, the system automatically assigns each port an operational key based on port information, such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key.
In an aggregation group, all Selected ports have the same operational key.
Configuration types
Port configurations include attribute configurations and protocol configurations. Attribute configurations of a link aggregation member port affect its aggregation state.
· Attribute configurations—To become a Selected port, a member port must have the same attribute configurations as the aggregate interface.
The attribute configurations contain the following VLAN attribute configurations:
○ Permitted VLAN IDs.
○ PVID.
○ Link type (trunk, hybrid, or access).
For information about VLANs, see "Configuring VLANs."
Attribute configuration changes made on an aggregate interface are automatically synchronized to all member ports. If the changes fail to be synchronized to a Selected port, the port might change to the Unselected state. To make the port become Selected again, you can change the attribute configurations on the aggregate interface or the member port. The synchronization failure does not affect the attribute configuration changes made on the aggregate interface. The configurations that have been synchronized from the aggregate interface are retained on the member ports even after the aggregate interface is deleted.
Any attribute configuration change on a member port might affect the aggregation states and running services of the member ports. The system displays a warning message every time you try to change an attribute configuration setting on a member port.
· Protocol configurations—Settings that do not affect the aggregation state of a member port even if they are different from those on the aggregate interface. MAC address learning settings are examples of protocol configurations.
For an aggregation, only the protocol configurations on the aggregate interface take effect. The protocol configurations on the member ports will not take effect until after the ports leave the aggregation group.
Link aggregation modes
An aggregation group operates in one of the following modes:
· Static—Static aggregation is stable. An aggregation group in static mode is called a static aggregation group. The aggregation states of the member ports in a static aggregation group are not affected by the peer ports.
· Dynamic—An aggregation group in dynamic mode is called a dynamic aggregation group. The local system and the peer system automatically maintain the aggregation states of the member ports. Dynamic link aggregation reduces the administrators' workload.
How static link aggregation works
Choosing a reference port
When setting the aggregation states of the ports in an aggregation group, the system automatically chooses a member port as the reference port. A Selected port must have the same operational key and attribute configurations as the reference port.
The system chooses a reference port from the member ports in up state.
The candidate reference ports are organized into different priority levels following these rules:
1. In descending order of port priority.
2. Full duplex.
3. In descending order of speed.
4. Half duplex.
5. In descending order of speed.
From the candidate ports with the same attribute configurations as the aggregate interface, the one with the highest priority level is chosen as the reference port.
· If multiple ports have the same priority level, the port that has been Selected (if any) is chosen. If multiple ports with the same priority level have been Selected, the one with the smallest port number is chosen.
· If multiple ports have the same priority level and none of them has been Selected, the port with the smallest port number is chosen.
Setting the aggregation state of each member port
After the reference port is chosen, the system sets the aggregation state of each member port in the static aggregation group.
Figure 3 Setting the aggregation state of a member port in a static aggregation group
After the limit on Selected ports is reached, the aggregation state of a new member port depends on the following conditions:
· The port is placed in Unselected state if the port and the Selected ports have the same port priority. This mechanism prevents traffic interruption on the existing Selected ports. A device reboot can cause the device to recalculate the aggregation states of member ports.
· The port is placed in Selected state when the following conditions are met:
○ The port and the Selected ports have different port priorities, and the port has a higher port priority than a minimum of one Selected port.
○ The port has the same attribute configurations as the aggregate interface.
Any operational key or attribute configuration change might affect the aggregation states of link aggregation member ports.
LACP
Dynamic aggregation is implemented through IEEE 802.3ad Link Aggregation Control Protocol (LACP).
LACP uses LACPDUs to exchange aggregation information between LACP-enabled devices. Each member port in a dynamic aggregation group can exchange information with its peer. When a member port receives an LACPDU, it compares the received information with information received on the other member ports. In this way, the two systems reach an agreement on which ports are placed in Selected state.
LACP functions
LACP offers basic LACP functions. Basic LACP functions are implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port priority, port number, and operational key.
LACP operating modes
LACP can operate in active or passive mode.
When LACP is operating in passive mode on both a local member port and its peer port, neither port can send LACPDUs. When LACP is operating in active mode on either end of a link, both ports can send LACPDUs.
LACP priorities
LACP priorities include system LACP priority and port priority, as described in Table 1. The smaller the priority value, the higher the priority.
Type | Description |
---|---|
System LACP priority | Used by two peer devices (or systems) to determine which one is superior in link aggregation. In dynamic link aggregation, the system that has higher system LACP priority sets the Selected state of member ports on its side. The system that has lower priority sets the aggregation state of local member ports the same as their respective peer ports. |
Port priority | Determines the likelihood of a member port to be a Selected port on a system. A port with a higher port priority is more likely to become Selected. |
LACP timeout interval
The LACP timeout interval specifies how long a member port waits to receive LACPDUs from the peer port. If a local member port has not received LACPDUs from the peer within the LACP timeout interval, the member port considers the peer as failed.
The LACP timeout interval also determines the LACPDU sending rate of the peer. LACP timeout intervals include the following types:
· Short timeout interval—3 seconds. If you use the short timeout interval, the peer sends one LACPDU per second.
· Long timeout interval—90 seconds. If you use the long timeout interval, the peer sends one LACPDU every 30 seconds.
How dynamic link aggregation works
Choosing a reference port
The system chooses a reference port from the member ports in up state. A Selected port must have the same operational key and attribute configurations as the reference port.
The local system (the actor) and the peer system (the partner) negotiate a reference port by using the following workflow:
1. The two systems determine the system with the smaller system ID.
A system ID contains the system LACP priority and the system MAC address.
a. The two systems compare their LACP priority values.
The lower the LACP priority, the smaller the system ID. If the LACP priority values are the same, the two systems proceed to step b.
b. The two systems compare their MAC addresses.
The lower the MAC address, the smaller the system ID.
2. The system with the smaller system ID chooses the port with the smallest port ID as the reference port.
A port ID contains a port priority and a port number. The lower the port priority, the smaller the port ID.
a. The system chooses the port with the lowest priority value as the reference port.
If the ports have the same priority, the system proceeds to step b.
b. The system compares their port numbers.
The smaller the port number, the smaller the port ID.
The port with the smallest port number and the same attribute configurations as the aggregate interface is chosen as the reference port.
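The negotiation above reduces to two ordered comparisons: (system LACP priority, system MAC) and then (port priority, port number). The following Python is an added example, not vendor code; the two system IDs are taken from the dynamic aggregation output later on this page, while the class names, function names and the local port numbers 1 to 3 are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    name: str
    priority: int                   # port priority; smaller value = higher priority
    number: int                     # port number
    up: bool = True                 # only member ports in up state are candidates
    matches_aggregate: bool = True  # same attribute configurations as the aggregate interface


@dataclass(frozen=True)
class System:
    name: str
    lacp_priority: int              # system LACP priority; smaller value = higher priority
    mac: str                        # system MAC address, for example "000f-e267-6c6a"
    ports: tuple = ()


def mac_to_int(mac: str) -> int:
    """Convert a MAC address written with '-', ':' or '.' separators to an integer."""
    digits = "".join(c for c in mac if c not in "-:.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def system_id(system: System) -> tuple:
    """System ID = (system LACP priority, system MAC); tuples compare in that order."""
    return (system.lacp_priority, mac_to_int(system.mac))


def port_id(port: Port) -> tuple:
    """Port ID = (port priority, port number); tuples compare in that order."""
    return (port.priority, port.number)


def choose_reference_port(actor: System, partner: System):
    """Return (system with the smaller system ID, its reference port or None)."""
    chooser = min((actor, partner), key=system_id)
    candidates = [p for p in chooser.ports if p.up and p.matches_aggregate]
    reference = min(candidates, key=port_id) if candidates else None
    return chooser, reference


def make_ports(priorities=(32768, 32768, 32768), down=()):
    """Constructed member ports GE1/0/1 to GE1/0/3 with assumed port numbers 1 to 3."""
    return tuple(
        Port(f"GE1/0/{n}", prio, n, up=(n not in down))
        for n, prio in enumerate(priorities, start=1)
    )


# System IDs from the dynamic aggregation example on this page (0x8000 = 32768).
AC1 = System("AC1", 0x8000, "000f-e267-6c6a", make_ports())
AC2 = System("AC2", 0x8000, "000f-e267-57ad", make_ports())

if __name__ == "__main__":
    chooser, ref = choose_reference_port(AC1, AC2)
    print(f"{chooser.name} has the smaller system ID; reference port: {ref.name}")

    # Lowering the system LACP priority value on AC 1 makes AC 1 the deciding system.
    ac1_preferred = System("AC1", 100, AC1.mac, AC1.ports)
    chooser, ref = choose_reference_port(ac1_preferred, AC2)
    print(f"{chooser.name} has the smaller system ID; reference port: {ref.name}")
```

With equal system LACP priorities the MAC address alone decides which system sets the Selected state, so an explicitly configured system LACP priority is what makes the outcome deliberate rather than incidental.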
Setting the aggregation state of each member port
After the reference port is chosen, the system with the smaller system ID sets the state of each member port on its side.
Figure 4 Setting the state of a member port in a dynamic aggregation group
The system with the greater system ID can detect the aggregation state changes on the peer system. The system with the greater system ID sets the aggregation state of local member ports the same as their peer ports.
When you aggregate interfaces in dynamic mode, follow these guidelines:
· A dynamic link aggregation group preferably chooses full-duplex ports as the Selected ports. The group chooses only one half-duplex port as a Selected port when either of the following conditions exists:
  ○ None of the full-duplex ports can become Selected ports.
  ○ Only half-duplex ports exist in the group.
· For stable aggregation and service continuity, do not change the operational key or attribute configurations on any member port.
· After the Selected port limit is reached, a newly joining port becomes a Selected port if it is more eligible than a current Selected port.
Load sharing modes for link aggregation groups
In a link aggregation group, traffic can be distributed across the Selected ports on a per-flow basis. The aggregation group classifies packets into flows and forwards packets of the same flow on the same link. The load sharing mode can be one or any combination of the following traffic classification criteria:
· Source or destination IP address.
· Source or destination MAC address.
Ethernet link aggregation configuration task list
Tasks at a glance |
(Required.) Configuring a Layer 2 aggregation group |
(Optional.) Configuring an aggregate interface: · Setting the description for an aggregate interface · Setting the minimum and maximum numbers of Selected ports for an aggregation group · Setting the expected bandwidth for an aggregate interface |
(Optional.) Configuring load sharing for link aggregation groups: |
Configuring a Layer 2 aggregation group
This section explains how to configure an aggregation group.
Configuration restrictions and guidelines
When you configure an aggregation group, follow these restrictions and guidelines:
· Table 2 shows the interfaces that cannot be assigned to a Layer 2 aggregation group.
Table 2 Interfaces that cannot be assigned to a Layer 2 aggregation group
Interface type | Reference |
---|---|
Interface configured with MAC authentication | MAC authentication in Security Configuration Guide |
Interface configured with port security | Port security in Security Configuration Guide |
Interface configured with 802.1X | 802.1X in Security Configuration Guide |
· Deleting an aggregate interface also deletes its aggregation group and causes all member ports to leave the aggregation group.
· You must configure the same aggregation mode on the two ends of an aggregate link.
· For a successful static aggregation, make sure the ports at both ends of each link are in the same aggregation state.
· For a successful dynamic aggregation, make sure the peer ports of the ports aggregated at one end are also aggregated. The two ends can automatically negotiate the aggregation state of each member port.
Configuring a Layer 2 static aggregation group
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a Layer 2 aggregate interface and enter Layer 2 aggregate interface view. | interface bridge-aggregation interface-number | When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 static aggregation group numbered the same. |
3. Exit to system view. | quit | N/A |
4. Assign an interface to the specified Layer 2 aggregation group. | a. Enter Layer 2 Ethernet interface view: b. Assign the interface to the specified Layer 2 aggregation group: | Repeat these two substeps to assign more Layer 2 Ethernet interfaces to the aggregation group. |
Configuring a Layer 2 dynamic aggregation group
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the system LACP priority. | lacp system-priority system-priority | By default, the system LACP priority is 32768. Changing the system LACP priority might affect the aggregation states of the ports in a dynamic aggregation group. |
3. Create a Layer 2 aggregate interface and enter Layer 2 aggregate interface view. | interface bridge-aggregation interface-number | When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 static aggregation group numbered the same. |
4. Configure the aggregation group to operate in dynamic mode. | link-aggregation mode dynamic | By default, an aggregation group operates in static mode. |
5. Exit to system view. | quit | N/A |
6. Assign an interface to the specified Layer 2 aggregation group. | a. Enter Layer 2 Ethernet interface view: b. Assign the interface to the specified Layer 2 aggregation group: | Repeat these two substeps to assign more Layer 2 Ethernet interfaces to the aggregation group. |
7. Set the LACP operating mode for the interface. | · Set the LACP operating mode to passive: · Set the LACP operating mode to active: | By default, LACP is operating in active mode. |
8. Set the port priority for the interface. | link-aggregation port-priority port-priority | The default setting is 32768. |
9. Set the short LACP timeout interval (3 seconds) for the interface. | lacp period short | By default, the long LACP timeout interval (90 seconds) is used by the interface. |
Configuring an aggregate interface
Most configurations that can be made on Layer 2 Ethernet interfaces can also be made on Layer 2 aggregate interfaces.
Setting the description for an aggregate interface
You can set the description for an aggregate interface for administration purposes, for example, describing the purpose of the interface.
To set the description for an aggregate interface:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 aggregate interface view. | interface bridge-aggregation interface-number | N/A |
3. Set the description for the aggregate interface or subinterface. | description text | By default, the description of an interface is interface-name Interface. |
Setting the minimum and maximum numbers of Selected ports for an aggregation group
IMPORTANT: The minimum and maximum numbers of Selected ports must be the same for the local and peer aggregation groups.
The bandwidth of an aggregate link increases as the number of Selected member ports increases. To avoid congestion, you can set the minimum number of Selected ports required for bringing up an aggregate interface.
This minimum threshold setting affects the aggregation states of aggregation member ports and the state of the aggregate interface.
· When the number of member ports eligible to be Selected ports is smaller than the minimum threshold, the following events occur:
  ○ The eligible member ports are placed in Unselected state.
  ○ The link layer state of the aggregate interface becomes down.
· When the number of member ports eligible to be Selected ports reaches or exceeds the minimum threshold, the following events occur:
  ○ The eligible member ports are placed in Selected state.
  ○ The link layer state of the aggregate interface becomes up.
The maximum number of Selected ports allowed in an aggregation group is limited by either manual configuration or hardware limitation, whichever value is smaller.
You can implement backup between two ports by performing the following tasks:
· Assigning two ports to an aggregation group.
· Setting the maximum number of Selected ports to 1 for the aggregation group.
Then, only one Selected port is allowed in the aggregation group, and the Unselected port acts as a backup port.
To set the minimum and maximum numbers of Selected ports for an aggregation group:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 aggregate interface view. | interface bridge-aggregation interface-number | N/A |
3. Set the minimum number of Selected ports for the aggregation group. | link-aggregation selected-port minimum number | By default, the minimum number of Selected ports is not specified for an aggregation group. |
4. Set the maximum number of Selected ports for the aggregation group. | link-aggregation selected-port maximum number | By default, the maximum number of Selected ports for an aggregation group depends on hardware limitation. |
Setting the expected bandwidth for an aggregate interface
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 aggregate interface view. | interface bridge-aggregation interface-number | N/A |
3. Set the expected bandwidth for the interface. | bandwidth bandwidth-value | By default, the expected bandwidth (in kbps) is the interface baud rate divided by 1000. |
Shutting down an aggregate interface
Shutting down or bringing up an aggregate interface affects the aggregation states and link states of member ports in the corresponding aggregation group as follows:
· When an aggregate interface is shut down, all Selected ports in the corresponding aggregation group become Unselected ports and all member ports go down.
· When an aggregate interface is brought up, the aggregation states of member ports in the corresponding aggregation group are recalculated.
To shut down an aggregate interface:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 aggregate interface view. | interface bridge-aggregation interface-number | N/A |
3. Shut down the aggregate interface. | shutdown | By default, a Layer 2 aggregate interface is up. |
Restoring the default settings for an aggregate interface
You can restore all configurations on an aggregate interface to the default settings.
To restore the default settings for an aggregate interface:
Step | Command |
---|---|
1. Enter system view. | system-view |
2. Enter Layer 2 aggregate interface view. | interface bridge-aggregation interface-number |
3. Restore the default settings for the aggregate interface. | default |
Configuring load sharing for link aggregation groups
This section explains how to configure the load sharing modes for link aggregation groups and how to enable local-first load sharing for link aggregation.
Setting load sharing modes for link aggregation groups
You can set the global or group-specific load sharing mode. A link aggregation group preferentially uses the group-specific load sharing mode. If the group-specific load sharing mode is not available, the group uses the global load sharing mode.
Setting the global link-aggregation load sharing mode
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the global link-aggregation load sharing mode. | link-aggregation global load-sharing mode { destination-ip \| destination-mac \| source-ip \| source-mac } * | By default, packets are distributed based on the source and destination IP addresses on aggregate links. |
Setting the group-specific load sharing mode
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 aggregate interface view. | interface bridge-aggregation interface-number | N/A |
3. Set the load sharing mode for the aggregation group. | link-aggregation load-sharing mode { destination-ip \| destination-mac \| source-ip \| source-mac } * | By default, an aggregation group uses the global link-aggregation load sharing mode. |
Enabling local-first load sharing for link aggregation
The following matrix shows the feature and hardware compatibility:
Hardware series | Model | Local-first load sharing compatibility |
---|---|---|
WX1800H series | WX1804H WX1810H WX1820H WX1840H | No |
WX3800H series | WX3820H WX3840H | Yes |
WX5800H series | WX5860H | Yes |
Use local-first load sharing in a multidevice link aggregation scenario to distribute traffic preferentially across member ports on the ingress card or device.
When you aggregate ports on different member devices in an IRF fabric, you can use local-first load sharing to reduce traffic on IRF links, as shown in Figure 5. For more information about IRF, see IRF Configuration Guide.
Figure 5 Load sharing for multidevice link aggregation in an IRF fabric
To enable local-first load sharing for link aggregation:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable local-first load sharing for link aggregation. | link-aggregation load-sharing mode local-first | By default, local-first load sharing for link aggregation is enabled. |
Enabling link-aggregation traffic redirection
Link-aggregation traffic redirection prevents traffic interruption.
When you restart an IRF member device that contains Selected ports, this feature redirects traffic of the IRF member device to other IRF member devices.
Configuration restrictions and guidelines
When you enable link-aggregation traffic redirection, follow these restrictions and guidelines:
· Link-aggregation traffic redirection applies only to dynamic link aggregation groups.
· To prevent traffic interruption, enable link-aggregation traffic redirection on devices at both ends of the aggregate link.
Configuration procedure
To enable link-aggregation traffic redirection:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable link-aggregation traffic redirection. | link-aggregation lacp traffic-redirect-notification enable | By default, link-aggregation traffic redirection is disabled. |
Displaying and maintaining Ethernet link aggregation
Execute display commands in any view and reset commands in user view.
Task | Command |
---|---|
Display information for an aggregate interface or multiple aggregate interfaces. | display interface bridge-aggregation [ interface-number ] [ brief [ description \| down ] ] |
Display the local system ID. | display lacp system-id |
Display the global or group-specific link-aggregation load sharing modes. | display link-aggregation load-sharing mode [ interface [ bridge-aggregation interface-number ] ] |
Display detailed link aggregation information for link aggregation member ports. | display link-aggregation member-port [ interface-list ] |
Display summary information about all aggregation groups. | display link-aggregation summary |
Display detailed information about the specified aggregation groups. | display link-aggregation verbose [ bridge-aggregation [ interface-number ] ] |
Clear LACP statistics for the specified link aggregation member ports. | reset lacp statistics [ interface interface-list ] |
Clear statistics for the specified aggregate interfaces. | reset counters interface [ bridge-aggregation [ interface-number ] ] |
Ethernet link aggregation configuration examples
Layer 2 static aggregation configuration example
Network requirements
On the network shown in Figure 6, perform the following tasks:
· Configure a Layer 2 static aggregation group on both AC 1 and AC 2.
· Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end.
· Enable VLAN 20 at one end of the aggregate link to communicate with VLAN 20 at the other end.
Configuration procedure
1. Configure AC 1:
# Create VLAN 10, and assign port GigabitEthernet 1/0/4 to VLAN 10.
<AC1> system-view
[AC1] vlan 10
[AC1-vlan10] port gigabitethernet 1/0/4
[AC1-vlan10] quit
# Create VLAN 20, and assign port GigabitEthernet 1/0/5 to VLAN 20.
[AC1] vlan 20
[AC1-vlan20] port gigabitethernet 1/0/5
[AC1-vlan20] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 1.
[AC1] interface bridge-aggregation 1
[AC1-Bridge-Aggregation1] quit
# Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1.
[AC1] interface gigabitethernet 1/0/1
[AC1-GigabitEthernet1/0/1] port link-aggregation group 1
[AC1-GigabitEthernet1/0/1] quit
[AC1] interface gigabitethernet 1/0/2
[AC1-GigabitEthernet1/0/2] port link-aggregation group 1
[AC1-GigabitEthernet1/0/2] quit
[AC1] interface gigabitethernet 1/0/3
[AC1-GigabitEthernet1/0/3] port link-aggregation group 1
[AC1-GigabitEthernet1/0/3] quit
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20.
[AC1] interface bridge-aggregation 1
[AC1-Bridge-Aggregation1] port link-type trunk
[AC1-Bridge-Aggregation1] port trunk permit vlan 10 20
[AC1-Bridge-Aggregation1] quit
2. Configure AC 2 in the same way AC 1 is configured. (Details not shown.)
Verifying the configuration
# Display detailed information about all aggregation groups on AC 1.
[AC1] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1
GE1/0/2 S 32768 1
GE1/0/3 S 32768 1
The output shows that link aggregation group 1 is a Layer 2 static aggregation group that contains three Selected ports.
Layer 2 dynamic aggregation configuration example
Network requirements
On the network shown in Figure 7, perform the following tasks:
· Configure a Layer 2 dynamic aggregation group on both AC 1 and AC 2.
· Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end.
· Enable VLAN 20 at one end of the aggregate link to communicate with VLAN 20 at the other end.
Configuration procedure
1. Configure AC 1:
# Create VLAN 10, and assign the port GigabitEthernet 1/0/4 to VLAN 10.
<AC1> system-view
[AC1] vlan 10
[AC1-vlan10] port gigabitethernet 1/0/4
[AC1-vlan10] quit
# Create VLAN 20, and assign the port GigabitEthernet 1/0/5 to VLAN 20.
[AC1] vlan 20
[AC1-vlan20] port gigabitethernet 1/0/5
[AC1-vlan20] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode to dynamic.
[AC1] interface bridge-aggregation 1
[AC1-Bridge-Aggregation1] link-aggregation mode dynamic
[AC1-Bridge-Aggregation1] quit
# Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1.
[AC1] interface gigabitethernet 1/0/1
[AC1-GigabitEthernet1/0/1] port link-aggregation group 1
[AC1-GigabitEthernet1/0/1] quit
[AC1] interface gigabitethernet 1/0/2
[AC1-GigabitEthernet1/0/2] port link-aggregation group 1
[AC1-GigabitEthernet1/0/2] quit
[AC1] interface gigabitethernet 1/0/3
[AC1-GigabitEthernet1/0/3] port link-aggregation group 1
[AC1-GigabitEthernet1/0/3] quit
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20.
[AC1] interface bridge-aggregation 1
[AC1-Bridge-Aggregation1] port link-type trunk
[AC1-Bridge-Aggregation1] port trunk permit vlan 10 20
[AC1-Bridge-Aggregation1] quit
2. Configure AC 2 in the same way AC 1 is configured. (Details not shown.)
Verifying the configuration
# Display detailed information about all aggregation groups on AC 1.
[AC1] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Dynamic
Loadsharing Type: Shar
System ID: 0x8000, 000f-e267-6c6a
Local:
Port Status Priority Oper-Key Flag
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1 {ACDEF}
GE1/0/2 S 32768 1 {ACDEF}
GE1/0/3 S 32768 1 {ACDEF}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
--------------------------------------------------------------------------------
GE1/0/1 1 32768 1 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/2 2 32768 1 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/3 3 32768 1 0x8000, 000f-e267-57ad {ACDEF}
The output shows that link aggregation group 1 is a Layer 2 dynamic aggregation group that contains three Selected ports.
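One way to run this verification automatically, as an added example that is not part of the device software: the Python below parses display link-aggregation verbose text in the static and dynamic layouts shown on this page and reports member ports that are not Selected, ports carrying the G (Defaulted) or H (Expired) flag, and groups whose member ports report different partner system IDs. The sample input is constructed from the output above with GE1/0/3 altered, and the function names are hypothetical.

```python
import re

# Constructed input: the dynamic-mode output from this page, with GE1/0/3 altered
# (Unselected, flag H locally, flag G and a made-up partner system ID remotely).
SAMPLE = """\
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Dynamic
Loadsharing Type: Shar
System ID: 0x8000, 000f-e267-6c6a
Local:
Port Status Priority Oper-Key Flag
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1 {ACDEF}
GE1/0/2 S 32768 1 {ACDEF}
GE1/0/3 U 32768 1 {ACH}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
--------------------------------------------------------------------------------
GE1/0/1 1 32768 1 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/2 2 32768 1 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/3 3 32768 1 0x8000, 000f-e267-0001 {ACG}
"""

GROUP_RE = re.compile(r"^Aggregate Interface:\s*(\S+)")
MODE_RE = re.compile(r"^Aggregation Mode:\s*(\S+)")
# Local row: port, status (S/U/I), priority, oper-key, optional {flags}.
LOCAL_RE = re.compile(r"^(\S+)\s+([SUI])\s+(\d+)\s+(\d+)(?:\s+\{(\w*)\})?$")
# Remote row: actor port, partner port, priority, oper-key, system ID, {flags}.
REMOTE_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(0x[0-9a-fA-F]+),\s*([0-9a-fA-F-]+)\s+\{(\w*)\}$"
)
# Flags from the legend that mean partner information is defaulted or expired.
STALE_FLAGS = {"G": "Defaulted", "H": "Expired"}


def parse_verbose(text):
    """Return one dict per aggregate interface with its local and remote rows."""
    groups, group, section = [], None, "local"
    for raw in text.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line)
        if m:
            group = {"name": m.group(1), "mode": None, "local": [], "remote": []}
            groups.append(group)
            section = "local"      # static-mode output has no "Local:" header
            continue
        if group is None:
            continue               # legend lines before the first group
        m = MODE_RE.match(line)
        if m:
            group["mode"] = m.group(1)
        elif line in ("Local:", "Remote:"):
            section = line[:-1].lower()
        elif section == "local":
            m = LOCAL_RE.match(line)
            if m:
                group["local"].append({"port": m.group(1), "status": m.group(2),
                                       "flags": m.group(5) or ""})
        else:
            m = REMOTE_RE.match(line)
            if m:
                group["remote"].append({"port": m.group(1),
                                        "system_id": (m.group(5), m.group(6).lower()),
                                        "flags": m.group(7)})
    return groups


def audit(groups):
    """Return a list of human-readable findings; an empty list means no issue found."""
    findings = []
    for g in groups:
        for row in g["local"]:
            if row["status"] != "S":
                findings.append(f"{g['name']} {row['port']}: status {row['status']}, not Selected")
        for side in ("local", "remote"):
            for row in g[side]:
                for flag, name in STALE_FLAGS.items():
                    if flag in row["flags"]:
                        findings.append(f"{g['name']} {row['port']}: {side} flag {flag} ({name})")
        partners = {row["system_id"] for row in g["remote"]}
        if len(partners) > 1:
            findings.append(f"{g['name']}: member ports report {len(partners)} different partner system IDs")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_verbose(SAMPLE)):
        print(finding)
```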
Layer 2 aggregation load sharing configuration example
Network requirements
On the network shown in Figure 8, perform the following tasks:
· Configure Layer 2 static aggregation groups 1 and 2 on AC 1 and AC 2, respectively.
· Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end.
· Enable VLAN 20 at one end of the aggregate link to communicate with VLAN 20 at the other end.
· Configure link aggregation groups 1 and 2 to distribute traffic across aggregation group member ports.
  ○ Configure link aggregation group 1 to distribute packets based on source MAC addresses.
  ○ Configure link aggregation group 2 to distribute packets based on destination MAC addresses.
Configuration procedure
1. Configure AC 1:
# Create VLAN 10, and assign the port GigabitEthernet 1/0/5 to VLAN 10.
<AC1> system-view
[AC1] vlan 10
[AC1-vlan10] port gigabitethernet 1/0/5
[AC1-vlan10] quit
# Create VLAN 20, and assign the port GigabitEthernet 1/0/6 to VLAN 20.
[AC1] vlan 20
[AC1-vlan20] port gigabitethernet 1/0/6
[AC1-vlan20] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 1.
[AC1] interface bridge-aggregation 1
# Configure Layer 2 aggregation group 1 to distribute packets based on source MAC addresses.
[AC1-Bridge-Aggregation1] link-aggregation load-sharing mode source-mac
[AC1-Bridge-Aggregation1] quit
# Assign ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to link aggregation group 1.
[AC1] interface gigabitethernet 1/0/1
[AC1-GigabitEthernet1/0/1] port link-aggregation group 1
[AC1-GigabitEthernet1/0/1] quit
[AC1] interface gigabitethernet 1/0/2
[AC1-GigabitEthernet1/0/2] port link-aggregation group 1
[AC1-GigabitEthernet1/0/2] quit
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLAN 10.
[AC1] interface bridge-aggregation 1
[AC1-Bridge-Aggregation1] port link-type trunk
[AC1-Bridge-Aggregation1] port trunk permit vlan 10
[AC1-Bridge-Aggregation1] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 2.
[AC1] interface bridge-aggregation 2
# Configure Layer 2 aggregation group 2 to distribute packets based on destination MAC addresses.
[AC1-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac
[AC1-Bridge-Aggregation2] quit
# Assign ports GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to link aggregation group 2.
[AC1] interface gigabitethernet 1/0/3
[AC1-GigabitEthernet1/0/3] port link-aggregation group 2
[AC1-GigabitEthernet1/0/3] quit
[AC1] interface gigabitethernet 1/0/4
[AC1-GigabitEthernet1/0/4] port link-aggregation group 2
[AC1-GigabitEthernet1/0/4] quit
# Configure Layer 2 aggregate interface Bridge-Aggregation 2 as a trunk port and assign it to VLAN 20.
[AC1] interface bridge-aggregation 2
[AC1-Bridge-Aggregation2] port link-type trunk
[AC1-Bridge-Aggregation2] port trunk permit vlan 20
[AC1-Bridge-Aggregation2] quit
2. Configure AC 2 in the same way AC 1 is configured. (Details not shown.)
Verifying the configuration
# Display detailed information about all aggregation groups on AC 1.
[AC1] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1
GE1/0/2 S 32768 1
Aggregate Interface: Bridge-Aggregation2
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/3 S 32768 2
GE1/0/4 S 32768 2
The output shows that:
· Link aggregation groups 1 and 2 are both load-shared Layer 2 static aggregation groups.
· Each aggregation group contains two Selected ports.
# Display all the group-specific load sharing modes on AC 1.
[AC1] display link-aggregation load-sharing mode interface
Bridge-Aggregation1 Load-Sharing Mode:
source-mac address
Bridge-Aggregation2 Load-Sharing Mode:
destination-mac address
The output shows that:
· Link aggregation group 1 distributes packets based on source MAC addresses.
· Link aggregation group 2 distributes packets based on destination MAC addresses.
Configuring VLANs
Overview
Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet LAN is both a collision domain and a broadcast domain. Because the medium is shared, collisions and broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce collisions in an Ethernet LAN. To confine broadcasts, a Layer 2 switch must use the Virtual Local Area Network (VLAN) technology.
VLANs enable a Layer 2 switch to break a LAN down into smaller broadcast domains, as shown in Figure 9.
A VLAN is logically divided on an organizational basis rather than on a physical basis. For example, you can assign all workstations and servers used by a particular workgroup to the same VLAN, regardless of their physical locations. Hosts in the same VLAN can directly communicate with one another. You need a router or a Layer 3 switch for hosts in different VLANs to communicate with one another.
All these VLAN features reduce bandwidth waste, improve LAN security, and enable flexible virtual group creation.
The term "switch" in this document refers to access controllers and access controller modules.
VLAN frame encapsulation
To identify Ethernet frames from different VLANs, IEEE 802.1Q inserts a four-byte VLAN tag between the destination and source MAC address (DA&SA) field and the Type field.
Figure 10 VLAN tag placement and format
A VLAN tag includes the following fields:
· TPID—16-bit tag protocol identifier that indicates whether a frame is VLAN-tagged. By default, the TPID value 0x8100 identifies a VLAN-tagged frame. A device vendor can set the TPID to a different value. For compatibility with a neighbor device, set the TPID value on the device to be the same as the neighbor device.
· Priority—3-bit field that identifies the 802.1p priority of the frame. For more information, see ACL and QoS Configuration Guide.
· CFI—1-bit canonical format indicator that indicates whether the MAC addresses are encapsulated in the standard format when packets are transmitted across different media. Available values include:
  ○ 0 (default)—The MAC addresses are encapsulated in the standard format.
  ○ 1—The MAC addresses are encapsulated in a non-standard format.
  This field is always set to 0 for Ethernet.
· VLAN ID—12-bit field that identifies the VLAN to which the frame belongs. The VLAN ID range is 0 to 4095. VLAN IDs 0 and 4095 are reserved, and VLAN IDs 1 to 4094 are user configurable.
The way a network device handles an incoming frame depends on whether the frame has a VLAN tag and the value of the VLAN tag (if any). For more information, see "Introduction."
Ethernet supports encapsulation formats Ethernet II, 802.3/802.2 LLC, 802.3/802.2 SNAP, and 802.3 raw. The Ethernet II encapsulation format is used here. For information about the VLAN tag fields in other frame encapsulation formats, see related protocols and standards.
For a frame that has multiple VLAN tags, the device handles it according to its outermost VLAN tag and transmits its inner VLAN tags as the payload.
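The tag layout described in this section can be decoded with a few bit operations. The following Python is an added example, not vendor code: it walks the VLAN tags of an Ethernet II frame, splits each tag into TPID, Priority, CFI and VLAN ID, and reports which tag the device acts on and which values fall outside what this section allows. The function names, the accepted-TPID parameter and the test frames are assumptions constructed for illustration.

```python
import struct

TPID_DEFAULT = 0x8100            # default TPID that identifies a VLAN-tagged frame
RESERVED_VLAN_IDS = {0, 4095}    # reserved per this section; 1 to 4094 are configurable


def parse_frame(frame: bytes, tpids=(TPID_DEFAULT,)) -> dict:
    """Parse an Ethernet II frame; `tpids` lists the TPID values configured on the device."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet II header")
    offset, tags = 12, []        # tags start right after DA (6 bytes) and SA (6 bytes)
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before the Type field")
        (value,) = struct.unpack_from("!H", frame, offset)
        if value not in tpids:
            break                # this 16-bit value is the Type field, not a TPID
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({
            "tpid": value,
            "priority": tci >> 13,          # upper 3 bits: 802.1p priority
            "cfi": (tci >> 12) & 0x1,       # next bit: canonical format indicator
            "vlan_id": tci & 0x0FFF,        # lower 12 bits: VLAN ID
        })
        offset += 4
    return {"dst": frame[0:6], "src": frame[6:12], "tags": tags,
            "ethertype": value, "payload": frame[offset + 2:]}


def review_tags(parsed: dict) -> list:
    """Describe how the frame is handled and list tag values that need attention."""
    tags = parsed["tags"]
    if not tags:
        return ["untagged frame"]
    notes = [f"handled by outermost tag: VLAN {tags[0]['vlan_id']}"]
    if len(tags) > 1:
        inner = ", ".join(str(t["vlan_id"]) for t in tags[1:])
        notes.append(f"{len(tags) - 1} inner tag(s) carried as payload: VLAN {inner}")
    for depth, tag in enumerate(tags):
        if tag["vlan_id"] in RESERVED_VLAN_IDS:
            notes.append(f"tag {depth}: VLAN ID {tag['vlan_id']} is reserved")
        if tag["cfi"] != 0:
            notes.append(f"tag {depth}: CFI is {tag['cfi']}, expected 0 on Ethernet")
    return notes


def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46, tpid=TPID_DEFAULT) -> bytes:
    """Build a constructed test frame; `tags` is a list of (priority, cfi, vlan_id)."""
    dst = bytes.fromhex("000fe26757ad")     # constructed addresses
    src = bytes.fromhex("000fe2676c6a")
    body = b"".join(
        struct.pack("!HH", tpid, (prio << 13) | (cfi << 12) | vid)
        for prio, cfi, vid in tags
    )
    return dst + src + body + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    for tags in ([], [(5, 0, 10)], [(0, 0, 10), (0, 0, 20)], [(0, 1, 4095)]):
        print(tags, "->", review_tags(parse_frame(build_frame(tags))))
```

A frame whose TPID is not in the accepted list parses as untagged, which is why the TPID must match the neighbor device as noted above.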
Protocols and standards
IEEE 802.1Q, IEEE Standard for Local and Metropolitan Area Networks: Virtual Bridged Local Area Networks
Configuring basic VLAN settings
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. (Optional.) Create a VLAN and enter its view, or create a list of VLANs. | vlan { vlan-id1 [ to vlan-id2 ] \| all } | By default, only the system default VLAN (VLAN 1) exists. |
3. Enter VLAN view. | vlan vlan-id | To configure a VLAN after you create a list of VLANs, you must perform this step. |
4. Set a name for the VLAN. | name text | By default, the name of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the name of VLAN 100 is VLAN 0100. |
5. Set the description for the VLAN. | description text | By default, the description of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the default description of VLAN 100 is VLAN 0100. |

NOTE:
· As the system default VLAN, VLAN 1 cannot be created or deleted.
· Before you delete a dynamic VLAN or a VLAN locked by an application, you must first remove the configuration from the VLAN.
Configuring basic settings of a VLAN interface
Hosts of different VLANs use VLAN interfaces to communicate at Layer 3. VLAN interfaces are virtual interfaces and they do not exist as physical entities on devices. For each VLAN, you can create one VLAN interface and assign an IP address to it. The VLAN interface acts as the gateway of the VLAN to forward packets destined for another IP subnet at Layer 3.
Before you create a VLAN interface for a VLAN, create the VLAN first.
To configure basic settings of a VLAN interface:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a VLAN interface and enter VLAN interface view. | interface vlan-interface interface-number | If the VLAN interface already exists, you enter its view directly. By default, no VLAN interface is created. |
3. Assign an IP address to the VLAN interface. | ip address ip-address { mask \| mask-length } [ sub ] | By default, no IP address is assigned to a VLAN interface. |
4. Set the description for the VLAN interface. | description text | The default setting is the VLAN interface name. For example, Vlan-interface1 Interface. |
5. Set the MTU for the VLAN interface. | mtu size | The default setting is 1500 bytes. |
6. (Optional.) Set the expected bandwidth for the VLAN interface. | bandwidth bandwidth-value | By default, the expected bandwidth (in kbps) is the interface baud rate divided by 1000. |
7. (Optional.) Restore the default settings for the VLAN interface. | default | N/A |
8. (Optional.) Bring up the VLAN interface. | undo shutdown | By default, a VLAN interface is not manually shut down. |
Configuring port-based VLANs
Introduction
Port-based VLANs group VLAN members by port. A port forwards packets from a VLAN only after it is assigned to the VLAN.
Port link type
You can set the link type of a port to access, trunk, or hybrid. The port link type determines whether the port can be assigned to multiple VLANs. The link types use the following VLAN tag handling methods:
· Access—An access port can forward packets only from one VLAN and send these packets untagged. An access port is typically used in the following conditions:
  - Connecting to a terminal device that does not support VLAN packets.
  - In scenarios that do not distinguish VLANs.
· Trunk—A trunk port can forward packets from multiple VLANs. Except packets from the port VLAN ID (PVID), packets sent out of a trunk port are VLAN-tagged. Ports connecting network devices are typically configured as trunk ports.
· Hybrid—A hybrid port can forward packets from multiple VLANs. The tagging status of the packets forwarded by a hybrid port depends on the port configuration.
PVID
The PVID identifies the default VLAN of a port. Untagged packets received on a port are considered as the packets from the port PVID.
When you set the PVID for a port, follow these restrictions and guidelines:
· An access port can join only one VLAN. The VLAN to which the access port belongs is the PVID of the port.
· A trunk or hybrid port supports multiple VLANs and the PVID configuration.
· When you use the undo vlan command to delete the PVID of a port, either of the following events occurs depending on the port link type:
  - For an access port, the PVID of the port changes to VLAN 1.
  - For a hybrid or trunk port, the PVID setting of the port does not change.
You can use a nonexistent VLAN as the PVID for a hybrid or trunk port, but not for an access port.
· H3C recommends that you set the same PVID for a local port and its peer.
· To prevent a port from dropping untagged packets or PVID-tagged packets, assign the port to its PVID.
How ports of different link types handle frames
Actions | Access | Trunk | Hybrid |
---|---|---|---|
In the inbound direction for an untagged frame | Tags the frame with the PVID tag. | · If the PVID is permitted on the port, tags the frame with the PVID tag. · If not, drops the frame. | · If the PVID is permitted on the port, tags the frame with the PVID tag. · If not, drops the frame. |
In the inbound direction for a tagged frame | · Receives the frame if its VLAN ID is the same as the PVID. · Drops the frame if its VLAN ID is different from the PVID. | · Receives the frame if its VLAN is permitted on the port. · Drops the frame if its VLAN is not permitted on the port. | · Receives the frame if its VLAN is permitted on the port. · Drops the frame if its VLAN is not permitted on the port. |
In the outbound direction | Removes the VLAN tag and sends the frame. | · Removes the tag and sends the frame if the frame carries the PVID tag and the port belongs to the PVID. · Sends the frame without removing the tag if its VLAN is carried on the port but is different from the PVID. | Sends the frame if its VLAN is permitted on the port. The tagging status of the frame depends on the port hybrid vlan command configuration. |
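The frame-handling rules above can be modelled as one function per direction, which makes the effect of the PVID guidelines easy to check before a change goes onto a device. This Python model is an added illustration, not H3C code or device output; the Port class, the function names and the sample port settings are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class Port:
    link_type: str                                     # "access", "trunk" or "hybrid"
    pvid: int = 1
    permitted: Set[int] = field(default_factory=set)   # trunk/hybrid: VLANs the port is assigned to
    untagged: Set[int] = field(default_factory=set)    # hybrid only: permitted VLANs sent untagged


def ingress(port: Port, tag: Optional[int]) -> Optional[int]:
    """Return the VLAN an arriving frame is placed in, or None if it is dropped.

    tag is the VLAN ID carried by the frame, or None for an untagged frame.
    """
    if port.link_type == "access":
        # Untagged frames get the PVID; tagged frames must already match it.
        if tag is None or tag == port.pvid:
            return port.pvid
        return None
    # Trunk and hybrid ports share the inbound rules.
    vlan = port.pvid if tag is None else tag
    return vlan if vlan in port.permitted else None


def egress(port: Port, vlan: int) -> Optional[str]:
    """Return "untagged" or "tagged" for a frame of `vlan` leaving the port, or None if not sent."""
    if port.link_type == "access":
        # An access port forwards one VLAN only and always removes the tag.
        return "untagged" if vlan == port.pvid else None
    if vlan not in port.permitted:
        return None
    if port.link_type == "trunk":
        return "untagged" if vlan == port.pvid else "tagged"
    # Hybrid: tagging follows the tagged/untagged choice made per VLAN.
    return "untagged" if vlan in port.untagged else "tagged"


def cross_link(vlan: int, local: Port, peer: Port) -> Optional[int]:
    """VLAN in which a frame of `vlan` arrives after crossing the link local -> peer."""
    how = egress(local, vlan)
    if how is None:
        return None
    return ingress(peer, None if how == "untagged" else vlan)


# Constructed sample ports.
# Trunk port whose PVID (10) was never assigned with "port trunk permit vlan".
orphan_pvid = Port("trunk", pvid=10, permitted={1, 100})
# Two ends of one trunk link configured with different PVIDs, and the corrected peer.
end_a = Port("trunk", pvid=10, permitted={10, 20})
end_b = Port("trunk", pvid=20, permitted={10, 20})
end_b_fixed = Port("trunk", pvid=10, permitted={10, 20})
# Hybrid port: VLAN 5 untagged, VLAN 6 tagged.
hybrid = Port("hybrid", pvid=5, permitted={5, 6}, untagged={5})

if __name__ == "__main__":
    print("untagged frame on orphan_pvid:", ingress(orphan_pvid, None))      # dropped
    print("VLAN 10 across mismatched PVIDs:", cross_link(10, end_a, end_b))  # lands in VLAN 20
    print("VLAN 10 across matching PVIDs:", cross_link(10, end_a, end_b_fixed))
```

With mismatched PVIDs, VLAN 10 traffic from one side is reclassified into VLAN 20 on the other, which is the failure the same-PVID recommendation prevents.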
Assigning an access port to a VLAN
You can assign an access port to a VLAN in VLAN view or interface view.
Make sure the VLAN has been created.
Assign one or multiple access ports to a VLAN in VLAN view
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter VLAN view. | vlan vlan-id | N/A |
3. Assign one or multiple access ports to the VLAN. | port interface-list | By default, all ports belong to VLAN 1. |
Assign an access port to a VLAN in interface view
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | · Enter Layer 2 Ethernet interface view: · Enter Layer 2 aggregate interface view: | N/A |
3. Set the port link type to access. | port link-type access | By default, all ports are access ports. |
4. (Optional.) Assign the access port to a VLAN. | port access vlan vlan-id | By default, all access ports belong to VLAN 1. |
Assigning a trunk port to a VLAN
A trunk port supports multiple VLANs. You can assign it to a VLAN in interface view.
When you assign a trunk port to a VLAN, follow these restrictions and guidelines:
· To change the link type of a port from trunk to hybrid, set the link type to access first.
· To enable a trunk port to transmit packets from its PVID, you must assign the trunk port to the PVID by using the port trunk permit vlan command.
To assign a trunk port to one or multiple VLANs:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | · Enter Layer 2 Ethernet interface view: · Enter Layer 2 aggregate interface view: | N/A |
3. Set the port link type to trunk. | port link-type trunk | By default, all ports are access ports. |
4. Assign the trunk port to the specified VLANs. | port trunk permit vlan { vlan-id-list \| all } | By default, a trunk port permits only VLAN 1. |
5. (Optional.) Set the PVID for the trunk port. | port trunk pvid vlan vlan-id | The default setting is VLAN 1. |
Assigning a hybrid port to a VLAN
A hybrid port supports multiple VLANs. You can assign it to the specified VLANs in interface view. Make sure the VLANs have been created.
When you assign a hybrid port to a VLAN, follow these restrictions and guidelines:
· To change the link type of a port from trunk to hybrid, set the link type to access first.
· To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command.
To assign a hybrid port to one or multiple VLANs:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | · Enter Layer 2 Ethernet interface view: · Enter Layer 2 aggregate interface view: | N/A |
3. Set the port link type to hybrid. | port link-type hybrid | By default, all ports are access ports. |
4. Assign the hybrid port to the specified VLANs. | port hybrid vlan vlan-id-list { tagged \| untagged } | By default, the hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access. |
5. (Optional.) Set the PVID for the hybrid port. | port hybrid pvid vlan vlan-id | By default, the PVID of a hybrid port is the ID of the VLAN to which the port belongs when its link type is access. |
Configuring a VLAN group
A VLAN group includes a set of VLANs.
On an authentication server, a VLAN group name represents a group of authorization VLANs. When an 802.1X user passes authentication, the authentication server assigns a VLAN group name to the device. The device then uses the received VLAN group name to match the locally configured VLAN group names. If a match is found, the device selects a VLAN from the group and assigns the VLAN to the user. For more information about 802.1X authentication, see Security Configuration Guide.
To configure a VLAN group:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a VLAN group and enter VLAN group view. | vlan-group group-name | By default, no VLAN group exists. |
3. Add VLANs to the VLAN group. | vlan-list vlan-id-list | By default, no VLAN exists in a VLAN group. You can add multiple VLAN lists to a VLAN group. |
Displaying and maintaining VLANs
Execute display commands in any view and reset commands in user view.
Task | Command |
---|---|
Display VLAN interface information. | display interface vlan-interface [ interface-number ] [ brief [ description \| down ] ] |
Display VLAN information. | display vlan [ vlan-id1 [ to vlan-id2 ] \| all \| dynamic \| static ] |
Display brief VLAN information. | |
Display VLAN group information. | display vlan-group [ group-name ] |
Display hybrid ports or trunk ports on the device. | display port { hybrid \| trunk } |
Clear statistics on a port. | reset counters interface vlan-interface [ interface-number ] |
Configuring loop detection
Overview
Incorrect network connections or configurations can create Layer 2 loops, which result in repeated transmission of broadcasts, multicasts, or unknown unicasts. The repeated transmissions can waste network resources and can paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations. You can configure loop detection to shut down the looped port. Logs are maintained in the information center. For more information, see Network Management and Monitoring Configuration Guide.
Loop detection mechanism
The device detects loops by sending detection frames and then checking whether these frames return to any port on the device. If they do, the device considers that the port is on a looped link.
Figure 11 Ethernet frame header for loop detection
The Ethernet frame header for loop detection contains the following fields:
· DMAC—Destination MAC address of the frame, which is the multicast MAC address 010F-E200-0007. When a loop detection-enabled device receives a frame with this destination MAC address, it performs the following operations:
  - Sends the frame to the CPU.
  - Floods the frame in the VLAN from which the frame was originally received.
· SMAC—Source MAC address of the frame, which is the bridge MAC address of the sending device.
· TPID—Type of the VLAN tag, with the value of 0x8100.
· TCI—Information of the VLAN tag, including the priority and VLAN ID.
· Type—Protocol type, with the value of 0x8918.
Figure 12 Inner frame header for loop detection
The inner frame header for loop detection contains the following fields:
· Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol.
· Version—Protocol version, which is always 0x0000.
· Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header.
· Reserved—This field is reserved.
Frames for loop detection are encapsulated as TLV triplets.
Table 3 TLVs supported by loop detection
TLV | Description | Remarks |
---|---|---|
End of PDU | End of a PDU. | Optional. |
Device ID | Bridge MAC address of the sending device. | Required. |
Port ID | ID of the PDU sending port. | Optional. |
Port Name | Name of the PDU sending port. | Optional. |
System Name | Device name. | Optional. |
Chassis ID | Chassis ID of the sending port. | Optional. |
Slot ID | Slot ID of the sending port. | Optional. |
Sub Slot ID | Sub-slot ID of the sending port. | Optional. |
Loop detection interval
Loop protection actions
When the device detects a loop on a port, it generates a log but performs no action on the port by default. You can configure the device to take one of the following actions:
· Block—Disables the port from learning MAC addresses and blocks the port.
· No-learning—Disables the port from learning MAC addresses.
· Shutdown—Shuts down the port to disable it from receiving and sending any frames.
Port status auto recovery
When the device configured with the block or no-learning loop action detects a loop on a port, it performs the action and waits three loop detection intervals. If the device does not receive a loop detection frame within three loop detection intervals, it performs the following operations:
· Automatically sets the port to the forwarding state.
· Notifies the user of the event.
When the device configured with the shutdown action detects a loop on a port, the following events occur:
1. The device automatically shuts down the port.
2. The device automatically sets the port to the forwarding state after the detection timer set by using the shutdown-interval command expires. For more information about the shutdown-interval command, see Fundamentals Command Reference.
3. The device shuts down the port again if a loop is still detected on the port when the detection timer expires.
This process is repeated until the loop is removed.
NOTE: Incorrect recovery can occur when loop detection frames are discarded to reduce the load. To avoid this, use the shutdown action, or manually remove the loop.
Loop detection configuration task list
Tasks at a glance |
(Required.) Enabling loop detection |
(Optional.) Setting the loop protection action |
(Optional.) Setting the loop detection interval |
Enabling loop detection
You can enable loop detection globally or on a per-port basis. The global configuration applies to all ports in the specified VLANs. The per-port configuration applies to the individual port only when the port belongs to the specified VLANs. Per-port configurations take precedence over global configurations.
When EVB is enabled on a Layer 2 Ethernet interface or Layer 2 aggregate interface, the loop detection feature does not take effect on the interface.
Enabling loop detection globally
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Globally enable loop detection. | loopback-detection global enable vlan { vlan-id-list \| all } | Disabled by default. |
Enabling loop detection on a port
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Enable loop detection on the port. | loopback-detection enable vlan { vlan-id-list \| all } | Disabled by default. |
Setting the loop protection action
You can set the loop protection action globally or on a per-port basis. The global setting applies to all ports. The per-port setting applies to the individual ports. The per-port setting takes precedence over the global setting.
Setting the global loop protection action
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the global loop protection action. | loopback-detection global action shutdown | By default, the device generates a log but performs no action on the port on which a loop is detected. |
Setting the loop protection action on a Layer 2 Ethernet interface
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
3. Set the loop protection action on the interface. | loopback-detection action { block \| no-learning \| shutdown } | By default, the device generates a log but performs no action on the port on which a loop is detected. |
Setting the loop protection action on a Layer 2 aggregate interface
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Set the loop protection action on the interface. | loopback-detection action shutdown | By default, the device generates a log but performs no action on the port on which a loop is detected. |
Setting the loop detection interval
With loop detection enabled, the device sends loop detection frames at the loopback detection interval. A shorter interval offers more sensitive detection but consumes more resources. Consider the system performance and loop detection speed when you set the loop detection interval.
To set the loop detection interval:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the loop detection interval. | loopback-detection interval-time interval | The default setting is 30 seconds. |
Displaying and maintaining loop detection
Execute display commands in any view.
Task | Command |
---|---|
Display the loop detection configuration and status. | display loopback-detection |
Loop detection configuration example
Network requirements
As shown in Figure 13, configure loop detection on Device A to meet the following requirements:
· Device A generates a log as a notification.
· Device A automatically shuts down the port on which a loop is detected.
Configuration procedure
1. Configure Device A:
# Create VLAN 100, and globally enable loop detection for the VLAN.
<DeviceA> system-view
[DeviceA] vlan 100
[DeviceA-vlan100] quit
[DeviceA] loopback-detection global enable vlan 100
# Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100.
[DeviceA] interface GigabitEthernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] port link-type trunk
[DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 100
[DeviceA-GigabitEthernet1/0/1] quit
[DeviceA] interface gigabitethernet 1/0/2
[DeviceA-GigabitEthernet1/0/2] port link-type trunk
[DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 100
[DeviceA-GigabitEthernet1/0/2] quit
# Set the global loop protection action to shutdown.
[DeviceA] loopback-detection global action shutdown
# Set the loop detection interval to 35 seconds.
[DeviceA] loopback-detection interval-time 35
2. Configure Device B:
# Create VLAN 100.
<DeviceB> system-view
[DeviceB] vlan 100
[DeviceB-vlan100] quit
# Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100.
[DeviceB] interface GigabitEthernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] port link-type trunk
[DeviceB-GigabitEthernet1/0/1] port trunk permit vlan 100
[DeviceB-GigabitEthernet1/0/1] quit
[DeviceB] interface gigabitethernet 1/0/2
[DeviceB-GigabitEthernet1/0/2] port link-type trunk
[DeviceB-GigabitEthernet1/0/2] port trunk permit vlan 100
[DeviceB-GigabitEthernet1/0/2] quit
3. Configure Device C:
# Create VLAN 100.
<DeviceC> system-view
[DeviceC] vlan 100
[DeviceC-vlan100] quit
# Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk ports, and assign them to VLAN 100.
[DeviceC] interface GigabitEthernet 1/0/1
[DeviceC-GigabitEthernet1/0/1] port link-type trunk
[DeviceC-GigabitEthernet1/0/1] port trunk permit vlan 100
[DeviceC-GigabitEthernet1/0/1] quit
[DeviceC] interface gigabitethernet 1/0/2
[DeviceC-GigabitEthernet1/0/2] port link-type trunk
[DeviceC-GigabitEthernet1/0/2] port trunk permit vlan 100
[DeviceC-GigabitEthernet1/0/2] quit
Verifying the configuration
# View the system logs on devices, for example, Device A.
[DeviceA]
%Feb 24 15:04:29:663 2013 DeviceA LPDT/4/LPDT LOOPED: Loopback exists on GigabitEthernet1/0/1.
%Feb 24 15:04:29:667 2013 DeviceA LPDT/4/LPDT LOOPED: Loopback exists on GigabitEthernet1/0/2.
%Feb 24 15:04:44:243 2013 DeviceA LPDT/5/LPDT RECOVERED: Loopback on GigabitEthernet1/0/1 recovered.
%Feb 24 15:04:44:248 2013 DeviceA LPDT/5/LPDT RECOVERED: Loopback on GigabitEthernet1/0/2 recovered.
The output shows the following information:
· Device A detected loops on ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 within a loop detection interval.
· Loops on ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 were removed.
# Use the display loopback-detection command to display the loop detection configuration and status on devices, for example, Device A.
[DeviceA] display loopback-detection
Loop detection is enabled.
Loop detection interval is 35 second(s).
No loopback is detected.
The output shows that the device has removed the loops from GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 according to the shutdown action.
# Display the status of GigabitEthernet 1/0/1 on devices, for example, Device A.
[DeviceA] display interface gigabitethernet 1/0/1
GigabitEthernet1/0/1 current state: DOWN (Loop detection down)
...
The output shows that GigabitEthernet 1/0/1 is already shut down by the loop detection module.
# Display the status of GigabitEthernet 1/0/2 on devices, for example, Device A.
[DeviceA] display interface gigabitethernet 1/0/2
GigabitEthernet1/0/2 current state: DOWN (Loop detection down)
...
The output shows that GigabitEthernet 1/0/2 is already shut down by the loop detection module.
Configuring spanning tree protocols
Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state.
The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).
STP
STP was developed based on the IEEE 802.1d standard to eliminate loops at the data link layer in a LAN. Networks often have redundant links as backups in case of failures, but loops are a very serious problem. Devices running STP detect loops in the network by exchanging information with one another. They eliminate loops by selectively blocking certain ports to prune the loop structure into a loop-free tree structure. This avoids the proliferation and infinite cycling of packets that would occur in a looped network.
In a narrow sense, STP refers to IEEE 802.1d STP. In a broad sense, STP refers to the IEEE 802.1d STP and various enhanced spanning tree protocols derived from that protocol.
STP protocol frames
STP uses bridge protocol data units (BPDUs), also known as configuration messages, as its protocol frames. This chapter uses BPDUs to represent all types of spanning tree protocol frames.
STP-enabled devices exchange BPDUs to establish a spanning tree. BPDUs contain sufficient information for the devices to complete spanning tree calculation.
STP uses two types of BPDUs, configuration BPDUs and topology change notification (TCN) BPDUs.
Configuration BPDUs
Devices exchange configuration BPDUs to elect the root bridge and determine port roles. Figure 14 shows the configuration BPDU format.
Figure 14 Configuration BPDU format
The payload of a configuration BPDU includes the following fields:
· Protocol ID—Fixed at 0x0000, which represents IEEE 802.1d.
· Protocol version ID—Spanning tree protocol version ID. The protocol version ID for STP is 0x00.
· BPDU type—Type of the BPDU. The value is 0x00 for a configuration BPDU.
· Flags—An 8-bit field that indicates the purpose of the BPDU. The lowest bit is the Topology Change (TC) flag. The highest bit is the Topology Change Acknowledge (TCA) flag. All other bits are reserved.
· Root ID—Root bridge ID formed by the priority and MAC address of the root bridge.
· Root path cost—Cost of the path to the root bridge.
· Bridge ID—Designated bridge ID formed by the priority and MAC address of the designated bridge.
· Port ID—Designated port ID formed by the priority and global port number of the designated port.
· Message age—Age of the configuration BPDU while it propagates in the network.
· Max age—Maximum age of the configuration BPDU stored on the switch.
· Hello time—Configuration BPDU transmission interval.
· Forward delay—Delay for STP bridges to transit port state.
Devices use the root bridge ID, root path cost, designated bridge ID, designated port ID, message age, max age, hello time, and forward delay for spanning tree calculation.
TCN BPDUs
Devices use TCN BPDUs to announce changes in the network topology. Figure 15 shows the TCN BPDU format.
The payload of a TCN BPDU includes the following fields:
· Protocol ID—Fixed at 0x0000, which represents IEEE 802.1d.
· Protocol version ID—Spanning tree protocol version ID. The protocol version ID for STP is 0x00.
· BPDU type—Type of the BPDU. The value is 0x80 for a TCN BPDU.
A non-root bridge sends TCN BPDUs when one of the following events occurs on the bridge:
· A port transits to the forwarding state, and the bridge has a minimum of one designated port.
· A port transits from the forwarding or learning state to the blocking state.
The non-root bridge uses TCN BPDUs to notify the root bridge once the network topology changes. The root bridge then sets the TC flag in its configuration BPDU and propagates it to other bridges.
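As an added example (not part of the H3C guide), the following Python parser decodes the configuration and TCN BPDU payloads described above and rejects input that does not match the fixed field values. The field widths and the 1/256-second timer unit are taken from IEEE 802.1D because the figures are not reproduced here; the sample bytes and all names are constructed.

```python
import struct
from dataclasses import dataclass
from typing import Tuple, Union

CONFIG_TYPE, TCN_TYPE = 0x00, 0x80
FLAG_TC, FLAG_TCA = 0x01, 0x80            # lowest and highest bit of the Flags field

# Assumption: field widths per IEEE 802.1D (the page lists fields, not sizes).
_HEADER = struct.Struct("!HBB")               # protocol ID, version, BPDU type
_CONFIG = struct.Struct("!HBBB8sI8sHHHHH")    # full configuration BPDU, 35 bytes


class BPDUError(ValueError):
    """Raised when a payload is not a well-formed STP BPDU."""


@dataclass(frozen=True)
class TcnBPDU:
    """A TCN BPDU carries only protocol ID, version and type."""


@dataclass(frozen=True)
class ConfigBPDU:
    tc: bool
    tca: bool
    reserved_bits_set: bool      # any Flags bit other than TC/TCA is set
    root_priority: int
    root_mac: str
    root_path_cost: int
    bridge_priority: int
    bridge_mac: str
    port_id: int                 # kept as the raw 16-bit value
    message_age: float           # seconds
    max_age: float
    hello_time: float
    forward_delay: float


def _bridge_id(raw: bytes) -> Tuple[int, str]:
    """Split an 8-byte bridge ID into priority and MAC (xxxx-xxxx-xxxx notation)."""
    mac = raw[2:].hex().upper()
    return int.from_bytes(raw[:2], "big"), "-".join(mac[i:i + 4] for i in range(0, 12, 4))


def parse_bpdu(payload: bytes) -> Union[ConfigBPDU, TcnBPDU]:
    """Parse the BPDU payload (the bytes that start with the Protocol ID field)."""
    if len(payload) < _HEADER.size:
        raise BPDUError("truncated BPDU header")
    proto, version, btype = _HEADER.unpack_from(payload)
    if proto != 0x0000:
        raise BPDUError(f"unexpected protocol ID 0x{proto:04x}")
    if version != 0x00:
        raise BPDUError(f"not an STP BPDU (version 0x{version:02x})")
    if btype == TCN_TYPE:
        return TcnBPDU()
    if btype != CONFIG_TYPE:
        raise BPDUError(f"unknown BPDU type 0x{btype:02x}")
    if len(payload) < _CONFIG.size:
        raise BPDUError("truncated configuration BPDU")
    (_, _, _, flags, root, cost, bridge, port_id,
     msg_age, max_age, hello, fwd) = _CONFIG.unpack_from(payload)
    root_prio, root_mac = _bridge_id(root)
    bridge_prio, bridge_mac = _bridge_id(bridge)
    return ConfigBPDU(
        tc=bool(flags & FLAG_TC),
        tca=bool(flags & FLAG_TCA),
        reserved_bits_set=bool(flags & ~(FLAG_TC | FLAG_TCA) & 0xFF),
        root_priority=root_prio, root_mac=root_mac, root_path_cost=cost,
        bridge_priority=bridge_prio, bridge_mac=bridge_mac, port_id=port_id,
        message_age=msg_age / 256, max_age=max_age / 256,
        hello_time=hello / 256, forward_delay=fwd / 256,
    )


def is_valid(payload: bytes) -> bool:
    """True if the payload parses as an STP configuration or TCN BPDU."""
    try:
        parse_bpdu(payload)
        return True
    except BPDUError:
        return False


# Constructed samples: a configuration BPDU with the TC flag set, and a TCN BPDU.
SAMPLE_CONFIG = bytes.fromhex(
    "0000" "00" "00" "01"             # protocol ID, version, type, flags (TC)
    "8000" "000fe2000001" "00000005"  # root ID (priority + MAC), root path cost
    "8000" "000fe2000002" "8001"      # designated bridge ID, designated port ID
    "0100" "1400" "0200" "0f00"       # message age, max age, hello time, forward delay
)
SAMPLE_TCN = bytes.fromhex("00000080")

if __name__ == "__main__":
    print(parse_bpdu(SAMPLE_CONFIG))
    print(parse_bpdu(SAMPLE_TCN))
```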
Basic concepts in STP
Root bridge
A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called leaf nodes. The root bridge is not permanent, but can change with changes of the network topology.
Upon initialization of a network, each device generates and periodically sends configuration BPDUs, with itself as the root bridge. After network convergence, only the root bridge generates and periodically sends configuration BPDUs. The other devices only forward the BPDUs.
Root port
Designated bridge and designated port
Classification | Designated bridge | Designated port |
---|---|---|
For a device | Device directly connected to the local device and responsible for forwarding BPDUs to the local device | Port through which the designated bridge forwards BPDUs to this device |
For a LAN | Device responsible for forwarding BPDUs to this LAN segment | Port through which the designated bridge forwards BPDUs to this LAN segment |
As shown in Figure 16, Device B and Device C are directly connected to a LAN.
If Device A forwards BPDUs to Device B through port A1, the designated bridge and designated port are as follows:
· The designated bridge for Device B is Device A.
· The designated port for Device B is port A1 on Device A.
If Device B forwards BPDUs to the LAN, the designated bridge and designated port are as follows:
· The designated bridge for the LAN is Device B.
· The designated port for the LAN is port B2 on Device B.
Figure 16 Designated bridges and designated ports
Port states
Table 4 lists the port states in STP.
State | Receives/sends BPDUs | Learns MAC addresses | Forwards user data |
---|---|---|---|
Disabled | No | No | No |
Listening | Yes | No | No |
Learning | Yes | Yes | No |
Forwarding | Yes | Yes | Yes |
Blocking | Receive | No | No |
Path cost
Path cost is a reference value used for link selection in STP. To prune the network into a loop-free tree, STP calculates path costs to select the most robust links and block redundant links that are less robust.
Calculation process of the STP algorithm
The spanning tree calculation process described in the following sections is an example of a simplified process.
Calculation process
The STP algorithm uses the following calculation process:
1. Network initialization.
Upon initialization of a device, each port generates a BPDU with the following contents:
  - The port as the designated port.
  - The device as the root bridge.
  - 0 as the root path cost.
  - The device ID as the designated bridge ID.
2. Root bridge selection.
Initially, each STP-enabled device on the network assumes itself to be the root bridge, with its own device ID as the root bridge ID. By exchanging configuration BPDUs, the devices compare their root bridge IDs to elect the device with the smallest root bridge ID as the root bridge.
3. Root port and designated ports selection on the non-root bridges.
Step | Description |
---|---|
1 | A non-root-bridge device regards the port on which it received the optimum configuration BPDU as the root port. Table 5 describes how the optimum configuration BPDU is selected. |
2 | Based on the configuration BPDU and the path cost of the root port, the device calculates a designated port configuration BPDU for each of the other ports. · The root bridge ID is replaced with that of the configuration BPDU of the root port. · The root path cost is replaced with that of the configuration BPDU of the root port plus the path cost of the root port. · The designated bridge ID is replaced with the ID of this device. · The designated port ID is replaced with the ID of this port. |
3 | The device compares the calculated configuration BPDU with the configuration BPDU on the port whose port role will be determined. Then, the device acts depending on the result of the comparison: · If the calculated configuration BPDU is superior, the device performs the following operations: - Considers this port as the designated port. - Replaces the configuration BPDU on the port with the calculated configuration BPDU. - Periodically sends the calculated configuration BPDU. · If the configuration BPDU on the port is superior, the device blocks this port without updating its configuration BPDU. The blocked port can receive BPDUs, but cannot send BPDUs or forward data traffic. |
When the network topology is stable, only the root port and designated ports forward user traffic. Other ports are all in the blocking state to receive BPDUs but not to forward BPDUs or user traffic.
Table 5 Selecting the optimum configuration BPDU
Step | Actions |
---|---|
1 | Upon receiving a configuration BPDU on a port, the device compares the priority of the received configuration BPDU with that of the configuration BPDU generated by the port. · If the former priority is lower, the device discards the received configuration BPDU and keeps the configuration BPDU the port generated. · If the former priority is higher, the device replaces the content of the configuration BPDU generated by the port with the content of the received configuration BPDU. |
2 | The device compares the configuration BPDUs of all the ports and chooses the optimum configuration BPDU. |
The following are the principles of configuration BPDU comparison:
a. The configuration BPDU with the lowest root bridge ID has the highest priority.
b. If configuration BPDUs have the same root bridge ID, their root path costs are compared. For example, the root path cost in a configuration BPDU plus the path cost of a receiving port is S. The configuration BPDU with the smallest S value has the highest priority.
c. If all configuration BPDUs have the same root bridge ID and S value, the following attributes are compared in sequence:
- Designated bridge IDs.
- Designated port IDs.
- IDs of the receiving ports.
The configuration BPDU that contains a smaller designated bridge ID, designated port ID, or receiving port ID is selected.
A tree-shape topology forms when the root bridge, root ports, and designated ports are selected.
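The selection steps and comparison principles above, written out as an added Python example (not H3C's implementation) and applied to the three-device topology of the guide's calculation example, with priorities 0, 1 and 2 and path costs 5, 10 and 4. It also goes one step past the first exchange and feeds Device C the BPDU that Port B2 sends as a designated port, to show where the loop is cut. Function and variable names are constructed, and the assignment of costs to links is inferred from the root path costs in the guide's calculated BPDUs.

```python
from typing import Dict, NamedTuple, Tuple


class BPDU(NamedTuple):
    """{root bridge ID, root path cost, designated bridge ID, designated port ID}."""
    root_id: int
    root_path_cost: int
    bridge_id: int
    port_id: str


Roles = Dict[str, str]
Held = Dict[str, BPDU]


def recalculate(bridge_id: int, cost: Dict[str, int], held: Held,
                received: Held) -> Tuple[Roles, Held]:
    """One pass of the simplified calculation on a single device."""
    # Per port: keep whichever of the held and received BPDUs is superior.
    # Tuple comparison checks the fields in order; the smaller value wins.
    bpdus = dict(held)
    for port, rx in received.items():
        if rx < bpdus[port]:
            bpdus[port] = rx

    # Only BPDUs that came from another bridge can nominate a root port.
    foreign = {p: b for p, b in bpdus.items() if b.bridge_id != bridge_id}
    if not foreign:
        return {p: "designated" for p in bpdus}, bpdus   # this device is the root bridge

    def rank(port: str):
        b = foreign[port]
        # Principles a, b, c: root ID, then S = root path cost + cost of the
        # receiving port, then designated bridge ID, port ID, receiving port ID.
        return (b.root_id, b.root_path_cost + cost[port], b.bridge_id, b.port_id, port)

    root_port = min(foreign, key=rank)
    best = bpdus[root_port]
    roles = {root_port: "root"}
    for port in bpdus:
        if port == root_port:
            continue
        calc = BPDU(best.root_id, best.root_path_cost + cost[root_port], bridge_id, port)
        if bpdus[port].bridge_id == bridge_id or calc < bpdus[port]:
            roles[port], bpdus[port] = "designated", calc
        else:
            roles[port] = "blocked"          # the BPDU on the port stays unchanged
    return roles, bpdus


# Topology of the calculation example. Link costs (A-B 5, A-C 10, B-C 4) are
# inferred from the calculated BPDUs {0, 5, 1, Port B2} and {0, 10, 2, Port C2}.
ID = {"A": 0, "B": 1, "C": 2}
COST = {
    "A": {"Port A1": 5, "Port A2": 10},
    "B": {"Port B1": 5, "Port B2": 4},
    "C": {"Port C1": 10, "Port C2": 4},
}
PEER = {"Port A1": "Port B1", "Port B1": "Port A1",
        "Port A2": "Port C1", "Port C1": "Port A2",
        "Port B2": "Port C2", "Port C2": "Port B2"}


def first_exchange() -> Dict[str, Tuple[Roles, Held]]:
    """Every port sends its initial BPDU once; each device then recalculates."""
    start = {d: {p: BPDU(ID[d], 0, ID[d], p) for p in COST[d]} for d in ID}
    sent = {p: b for ports in start.values() for p, b in ports.items()}
    return {d: recalculate(ID[d], COST[d], start[d],
                           {p: sent[PEER[p]] for p in COST[d]}) for d in ID}


def device_c_after_b_update(first: Dict[str, Tuple[Roles, Held]]) -> Tuple[Roles, Held]:
    """Device C receives the BPDU that Port B2 now sends as a designated port."""
    return recalculate(ID["C"], COST["C"], first["C"][1],
                       {"Port C2": first["B"][1]["Port B2"]})


if __name__ == "__main__":
    result = first_exchange()
    for device, (roles, bpdus) in result.items():
        print(device, roles, {p: tuple(b) for p, b in bpdus.items()})
    print("C after B's update:", device_c_after_b_update(result)[0])
```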
Example of STP calculation
Figure 17 provides an example showing how the STP algorithm works.
As shown in Figure 17, the priority values of Device A, Device B, and Device C are 0, 1, and 2, respectively. The path costs of links among the three devices are 5, 10, and 4.
1. Device state initialization.
In Table 6, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID.
Table 6 Initial state of each device
Device | Port name | Configuration BPDU on the port |
---|---|---|
Device A | Port A1 | {0, 0, 0, Port A1} |
Device A | Port A2 | {0, 0, 0, Port A2} |
Device B | Port B1 | {1, 0, 1, Port B1} |
Device B | Port B2 | {1, 0, 1, Port B2} |
Device C | Port C1 | {2, 0, 2, Port C1} |
Device C | Port C2 | {2, 0, 2, Port C2} |
2. Configuration BPDUs comparison on each device.
In Table 7, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID.
Table 7 Comparison process and result on each device
Device |
Comparison process |
Configuration BPDU on ports after comparison |
Device A |
Port A1 performs the following operations: 1. Receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}. 2. Determines that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU. 3. Discards the received one. Port A2 performs the following operations: 1. Receives the configuration BPDU of Port C1 {2, 0, 2, Port C1}. 2. Determines that its existing configuration BPDU {0, 0, 0, Port A2} is superior to the received configuration BPDU. 3. Discards the received one. Device A determines that it is both the root bridge and designated bridge in the configuration BPDUs of all its ports. It considers itself as the root bridge. It does not change the configuration BPDU of any port and starts to periodically send configuration BPDUs. |
· Port A1: {0, 0, 0, Port A1} · Port A2: {0, 0, 0, Port A2} |
Device B |
Port B1 performs the following operations: 1. Receives the configuration BPDU of Port A1 {0, 0, 0, Port A1}. 2. Determines that the received configuration BPDU is superior to its existing configuration BPDU {1, 0, 1, Port B1}. 3. Updates its configuration BPDU. Port B2 performs the following operations: 1. Receives the configuration BPDU of Port C2 {2, 0, 2, Port C2}. 2. Determines that its existing configuration BPDU {1, 0, 1, Port B2} is superior to the received configuration BPDU. 3. Discards the received BPDU. |
· Port B1: {0, 0, 0, Port A1} · Port B2: {1, 0, 1, Port B2} |
Device B performs the following operations: 15. Compares the configuration BPDUs of all its ports. 16. Decides that the configuration BPDU of Port B1 is the optimum. 17. Selects Port B1 as the root port with the configuration BPDU unchanged. Based on the configuration BPDU and path cost of the root port, Device B calculates a designated port configuration BPDU for Port B2 {0, 5, 1, Port B2}. Device B compares it with the existing configuration BPDU of Port B2 {1, 0, 1, Port B2}. Device B determines that the calculated one is superior, and determines that Port B2 is the designated port. It replaces the configuration BPDU on Port B2 with the calculated one, and periodically sends the calculated configuration BPDU. |
· Root port (Port B1): {0, 0, 0, Port A1} · Designated port (Port B2): {0, 5, 1, Port B2} |
|
Device C |
Port C1 performs the following operations: 18. Receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}. 19. Determines that the received configuration BPDU is superior to its existing configuration BPDU {2, 0, 2, Port C1}. 20. Updates its configuration BPDU. Port C2 performs the following operations: 21. Receives the original configuration BPDU of Port B2 {1, 0, 1, Port B2}. 22. Determines that the received configuration BPDU is superior to the existing configuration BPDU {2, 0, 2, Port C2}. 23. Updates its configuration BPDU. |
· Port C1: {0, 0, 0, Port A2} · Port C2: {1, 0, 1, Port B2} |
Device C performs the following operations: 24. Compares the configuration BPDUs of all its ports. 25. Decides that the configuration BPDU of Port C1 is the optimum. 26. Selects Port C1 as the root port with the configuration BPDU unchanged. Based on the configuration BPDU and path cost of the root port, Device C calculates the configuration BPDU of Port C2 {0, 10, 2, Port C2}. Device C compares it with the existing configuration BPDU of Port C2 {1, 0, 1, Port B2}. Device C determines that the calculated configuration BPDU is superior to the existing one, selects Port C2 as the designated port, and replaces the configuration BPDU of Port C2 with the calculated one. |
· Root port (Port C1): {0, 0, 0, Port A2} · Designated port (Port C2): {0, 10, 2, Port C2} |
|
Port C2 performs the following operations: 27. Receives the updated configuration BPDU of Port B2 {0, 5, 1, Port B2}. 28. Determines that the received configuration BPDU is superior to its existing configuration BPDU {0, 10, 2, Port C2}. 29. Updates its configuration BPDU. Port C1 performs the following operations: 30. Receives a periodic configuration BPDU {0, 0, 0, Port A2} from Port A2. 31. Determines that it is the same as the existing configuration BPDU. 32. Discards the received BPDU. |
· Port C1: {0, 0, 0, Port A2} · Port C2: {0, 5, 1, Port B2} |
|
Device C determines that the root path cost of Port C1 is larger than that of Port C2. The root path cost of Port C1 is 10, root path cost of the received configuration BPDU (0) plus path cost of Port C1 (10). The root path cost of Port C2 is 9, root path cost of the received configuration BPDU (5) plus path cost of Port C2 (4). Device C determines that the configuration BPDU of Port C2 is the optimum, and selects Port C2 as the root port with the configuration BPDU unchanged. Based on the configuration BPDU and path cost of the root port, Device C performs the following operations: 33. Calculates a designated port configuration BPDU for Port C1 {0, 9, 2, Port C1}. 34. Compares it with the existing configuration BPDU of Port C1 {0, 0, 0, Port A2}. 35. Determines that the existing configuration BPDU is superior to the calculated one and blocks Port C1 with the configuration BPDU unchanged. Port C1 does not forward data until a new event triggers a spanning tree calculation process: for example, the link between Device B and Device C is down. |
· Blocked port (Port C1): {0, 0, 0, Port A2} · Root port (Port C2): {0, 5, 1, Port B2} |
After the comparison processes described in Table 7, a spanning tree with Device A as the root bridge is established, as shown in Figure 18.
Figure 18 The final calculated spanning tree
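The comparison rounds of Table 7 can be replayed in code. The following Python sketch is an added example, not H3C code: it treats each configuration BPDU as a tuple in the field order given above and reproduces the final port roles and BPDUs. The link path costs (5, 10, and 4) are taken from the calculated BPDUs in Table 7; the function and variable names are assumptions made for this example.

```python
# BPDU tuple, in the page's field order: a lower tuple is a superior BPDU.
# (root bridge ID, root path cost, designated bridge ID, designated port ID)

BRIDGE_ID = {"A": 0, "B": 1, "C": 2}           # device priorities from Table 6
# (port, peer port, path cost); costs are the ones implied by Table 7
LINKS = [("A1", "B1", 5), ("A2", "C1", 10), ("B2", "C2", 4)]


def converge(links=LINKS, max_rounds=10):
    """Run the comparison rounds until no stored BPDU changes.

    Returns (roles, stored): port -> role and port -> BPDU held on that port.
    """
    peer, cost = {}, {}
    for a, b, c in links:
        peer[a], peer[b] = b, a
        cost[a] = cost[b] = c

    # Initial state: every device claims to be the root on every port.
    stored = {p: (BRIDGE_ID[p[0]], 0, BRIDGE_ID[p[0]], "Port " + p) for p in peer}
    roles = {}

    for _ in range(max_rounds):
        before = dict(stored)

        # Step 1: ports holding a BPDU of their own device transmit it; the
        # receiving port keeps whichever BPDU is superior.
        sending = {p: b for p, b in stored.items() if b[2] == BRIDGE_ID[p[0]]}
        for p, bpdu in sending.items():
            if bpdu < stored[peer[p]]:
                stored[peer[p]] = bpdu

        # Step 2: each device picks its root port, then recalculates the rest.
        for dev, bid in BRIDGE_ID.items():
            ports = [p for p in stored if p[0] == dev]
            # Only BPDUs learned from another bridge can make a root port.
            # The receiving port's path cost is added before comparing.
            learned = [(stored[p][0], stored[p][1] + cost[p], stored[p][2],
                        stored[p][3], p) for p in ports if stored[p][2] != bid]
            best = min(learned, default=None)
            if best is None or best[0] >= bid:
                root, root_cost, root_port = bid, 0, None    # device is the root
            else:
                root, root_cost, root_port = best[0], best[1], best[4]

            for p in ports:
                if p == root_port:
                    roles[p] = "root"
                    continue
                calculated = (root, root_cost, bid, "Port " + p)
                if calculated <= stored[p]:
                    stored[p] = calculated
                    roles[p] = "designated"
                else:
                    roles[p] = "blocked"     # existing BPDU is superior

        if stored == before:
            break
    return roles, stored


if __name__ == "__main__":
    roles, stored = converge()
    for port in sorted(roles):
        print(port, roles[port], stored[port])
```

Calling `converge(links=LINKS[:2])` removes the link between Device B and Device C, the triggering event named in Table 7, and Port C1 then becomes the root port of Device C.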
The configuration BPDU forwarding mechanism of STP
The configuration BPDUs of STP are forwarded according to these guidelines:
· Upon network initiation, every device regards itself as the root bridge and generates configuration BPDUs with itself as the root. Then it sends the configuration BPDUs at a regular hello interval.
· If the root port receives a configuration BPDU superior to the configuration BPDU of the port, the device performs the following operations:
◦ Increases the message age carried in the configuration BPDU.
◦ Starts a timer to time the configuration BPDU.
◦ Sends this configuration BPDU through the designated port.
· If a designated port receives a configuration BPDU with a lower priority than its configuration BPDU, the port immediately responds with its configuration BPDU.
· If a path fails, the root port on this path no longer receives new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout. The device generates a configuration BPDU with itself as the root and sends the BPDUs and TCN BPDUs. This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity.
However, the newly calculated configuration BPDU cannot be propagated throughout the network immediately. As a result, the old root ports and designated ports that have not detected the topology change continue forwarding data along the old path. If the new root ports and designated ports begin to forward data as soon as they are elected, a temporary loop might occur.
STP timers
The most important timing parameters in STP calculation are forward delay, hello time, and max age.
· Forward delay
Forward delay is the delay time for port state transition. By default, the forward delay is 15 seconds.
A path failure can cause spanning tree re-calculation to adapt the spanning tree structure to the change. However, the resulting new configuration BPDU cannot propagate throughout the network immediately. If the newly elected root ports and designated ports start to forward data immediately, a temporary loop will likely occur.
The newly elected root ports or designated ports must go through the listening and learning states before they transit to the forwarding state. This requires twice the forward delay time and allows the new configuration BPDU to propagate throughout the network.
· Hello time
The device sends configuration BPDUs at the hello time interval to the neighboring devices to ensure that the paths are fault-free. By default, the hello time is 2 seconds. If the device does not receive configuration BPDUs within the timeout period, it recalculates the spanning tree. The formula for calculating the timeout period is timeout period = timeout factor × 3 × hello time.
· Max age
The device uses the max age to determine whether a stored configuration BPDU has expired and discards it if the max age is exceeded. By default, the max age is 20 seconds. In the CIST of an MSTP network, the device uses the max age timer to determine whether a configuration BPDU received by a port has expired. If it is expired, a new spanning tree calculation process starts. The max age timer does not take effect on MSTIs.
If a port does not receive any configuration BPDUs within the timeout period, the port transits to the listening state. The device will recalculate the spanning tree. It takes the port 50 seconds to transit back to the forwarding state. This period includes 20 seconds for the max age, 15 seconds for the listening state, and 15 seconds for the learning state.
To ensure a fast topology convergence, make sure the timer settings meet the following formulas:
· 2 × (forward delay – 1 second) ≥ max age
· Max age ≥ 2 × (hello time + 1 second)
RSTP
RSTP achieves rapid network convergence by allowing a newly elected root port or designated port to enter the forwarding state much faster than STP.
RSTP protocol frames
An RSTP BPDU uses the same format as an STP BPDU except that a Version1 length field is added to the payload of RSTP BPDUs. The differences between an RSTP BPDU and an STP BPDU are as follows:
· Protocol version ID—The value is 0x02 for RSTP.
· BPDU type—The value is 0x02 for RSTP BPDUs.
· Flags—All 8 bits are used.
· Version1 length—The value is 0x00, which means no version 1 protocol information is present.
RSTP does not use TCN BPDUs to advertise topology changes. RSTP floods BPDUs with the TC flag set in the network to advertise topology changes.
Basic concepts in RSTP
Port roles
In addition to root port and designated port, RSTP also uses the following port roles:
· Alternate port—Acts as the backup port for a root port. When the root port is blocked, the alternate port takes over.
· Backup port—Acts as the backup port of a designated port. When the designated port is invalid, the backup port becomes the new designated port. A loop occurs when two ports of the same spanning tree device are connected, so the device blocks one of the ports. The blocked port is the backup port.
· Edge port—Directly connects to a user host rather than a network device or network segment.
Port states
RSTP uses the discarding state to replace the disabled, blocking, and listening states in STP. Table 8 shows the differences between the port states in RSTP and STP.
Table 8 Port state differences between RSTP and STP
STP port state | RSTP port state | Sends BPDU | Learns MAC addresses | Forwards user data |
---|---|---|---|---|
Disabled | Discarding | No | No | No |
Blocking | Discarding | No | No | No |
Listening | Discarding | Yes | No | No |
Learning | Learning | Yes | Yes | No |
Forwarding | Forwarding | Yes | Yes | Yes |
How RSTP works
During RSTP calculation, the following events occur:
· If a port in discarding state becomes an alternate port, it retains its state.
· If a port in discarding state is elected as the root port or designated port, it enters the learning state after the forward delay. The port learns MAC addresses, and enters the forwarding state after another forward delay.
◦ A newly elected RSTP root port rapidly enters the forwarding state if the following requirements are met:
- The old root port on the device has stopped forwarding data.
- The upstream designated port has started forwarding data.
◦ A newly elected RSTP designated port rapidly enters the forwarding state if one of the following requirements is met:
- The designated port is configured as an edge port which directly connects to a user terminal.
- The designated port connects to a point-to-point link and receives a handshake response from the directly connected device.
RSTP BPDU processing
In RSTP, a non-root bridge actively sends RSTP BPDUs at the hello time through designated ports without waiting for the root bridge to send RSTP BPDUs. This enables RSTP to quickly detect link failures. If a device fails to receive any RSTP BPDUs on a port within triple the hello time, the device considers that a link failure has occurred. After the stored configuration BPDU expires, the device floods RSTP BPDUs with the TC flag set to initiate a new RSTP calculation.
In RSTP, a port in blocking state can immediately respond to an RSTP BPDU with a lower priority than its own BPDU.
As shown in Figure 19, Device A is the root bridge. The priority of Device B is higher than the priority of Device C. GigabitEthernet 1/0/2 on Device C is blocked.
When the link between Device A and Device B fails, the following events occur:
1. Device B sends an RSTP BPDU with itself as the root bridge to Device C.
2. Device C compares the RSTP BPDU with its own BPDU.
3. Because the RSTP BPDU from Device B has a lower priority, Device C sends its own BPDU to Device B.
4. Device B considers that GigabitEthernet 1/0/2 is the root port and stops sending RSTP BPDUs to Device C.
Figure 19 BPDU processing in RSTP
PVST
In an STP- or RSTP-enabled LAN, all bridges share one spanning tree. Traffic from all VLANs is forwarded along the spanning tree, and ports cannot be blocked on a per-VLAN basis to prune loops.
PVST allows every VLAN to have its own spanning tree, which increases usage of links and bandwidth. Because each VLAN runs RSTP independently, a spanning tree only serves its VLAN.
A PVST-enabled H3C device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled H3C device supports fast network convergence like RSTP when connected to PVST-enabled H3C devices or third-party devices enabled with Rapid PVST.
PVST protocol frames
As shown in Figure 20, a PVST BPDU uses the same format as an RSTP BPDU except for the following differences:
· The destination MAC address of a PVST BPDU is 01-00-0c-cc-cc-cd, which is a private MAC address.
· Each PVST BPDU carries a VLAN tag. The VLAN tag identifies the VLAN to which the PVST BPDU belongs.
· The organization code and PID fields are added to the LLC header of the PVST BPDU.
A port's link type determines the type of BPDUs the port sends.
· An access port sends RSTP BPDUs.
· A trunk or hybrid port sends RSTP BPDUs in the default VLAN and sends PVST BPDUs in other VLANs.
Basic concepts in PVST
PVST uses the same port roles and port states as RSTP for fast convergence. For more information, see "Basic concepts in RSTP."
How PVST works
PVST implements per-VLAN spanning tree calculation by mapping each VLAN to an MSTI. In PVST, each VLAN runs RSTP independently to maintain its own spanning tree without affecting the spanning trees of other VLANs. In this way, loops in each VLAN are eliminated and traffic of different VLANs is load shared over links. PVST uses RSTP BPDUs in the default VLAN and PVST BPDUs in other VLANs for spanning tree calculation.
MSTP
MSTP overcomes the following STP, RSTP, and PVST limitations:
· STP limitations—STP does not support rapid state transition of ports. A newly elected port must wait twice the forward delay time before it transits to the forwarding state.
· RSTP limitations—Although RSTP enables faster network convergence than STP, RSTP fails to provide load balancing among VLANs. As with STP, all RSTP bridges in a LAN share one spanning tree and forward frames from all VLANs along this spanning tree.
· PVST limitations—Because each VLAN has its own spanning tree, the number of PVST BPDUs is proportional to the number of VLANs on a trunk or hybrid port. When the trunk or hybrid port permits too many VLANs, both resources and calculations for maintaining the VLAN spanning trees increase dramatically. If a status change occurs on the trunk or hybrid port that permits multiple VLANs, the device CPU will be overburdened with recalculating the affected spanning trees. As a result, network performance is degraded.
MSTP features
Developed based on IEEE 802.1s, MSTP overcomes the limitations of STP, RSTP, and PVST. In addition to supporting rapid network convergence, it allows data flows of different VLANs to be forwarded along separate paths. This provides a better load sharing mechanism for redundant links.
MSTP provides the following features:
· MSTP divides a switched network into multiple regions, each of which contains multiple spanning trees that are independent of one another.
· MSTP supports mapping VLANs to spanning tree instances by means of a VLAN-to-instance mapping table. MSTP can reduce communication overheads and resource usage by mapping multiple VLANs to one instance.
· MSTP prunes a loop network into a loop-free tree, which avoids proliferation and endless cycling of frames in a loop network. In addition, it supports load balancing of VLAN data by providing multiple redundant paths for data forwarding.
· MSTP is compatible with STP and RSTP, and partially compatible with PVST.
MSTP protocol frames
Figure 21 shows the format of an MSTP BPDU.
The first 13 fields of an MSTP BPDU are the same as an RSTP BPDU. The other six fields are unique to MSTP.
· Protocol version ID—The value is 0x03 for MSTP.
· BPDU type—The value is 0x02 for RSTP/MSTP BPDUs.
· Root ID—ID of the common root bridge.
· Root path cost—CIST external path cost.
· Bridge ID—ID of the regional root for the IST or an MSTI.
· Port ID—ID of the designated port in the CIST.
· Version3 length—Length of the MSTP-specific fields. Devices use this field for verification upon receiving an MSTP BPDU.
· MST configuration ID—Includes the format selector, configuration name, revision level, and configuration digest. The value for format selector is fixed at 0x00. The other parameters are used to identify the MST region for the originating bridge.
· CIST IRPC—Internal root path cost (IRPC) from the originating bridge to the root of the MST region.
· CIST bridge ID—ID of the bridge that sends the MSTP BPDU.
· CIST remaining ID—Remaining hop count. This field limits the scale of the MST region. The regional root sends a BPDU with the remaining hop count set to the maximum value. Each device that receives the BPDU decrements the hop count by one. When the hop count reaches zero, the BPDU is discarded. Devices beyond the maximum hops of the MST region cannot participate in spanning tree calculation. The default remaining hop count is 20.
· MSTI configuration messages—Contains MSTI configuration messages. Each MSTI configuration message is 16 bytes. This field can contain 0 to 64 MSTI configuration messages. The number of the MSTI configuration messages is determined by the number of MSTIs in the MST region.
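The field values listed under "RSTP protocol frames", "PVST protocol frames", and "MSTP protocol frames", together with the timer formulas under "STP timers", are enough to classify and sanity-check a captured BPDU. The following Python sketch is an added example, not H3C code. The IEEE bridge group address, the LLC and SNAP byte values, the flag bit layout, and the 64-byte fixed part of the MSTP fields are taken from the IEEE standards and the Cisco PVST+ encoding rather than from this page, and all sample frames are constructed.

```python
import struct

IEEE_MAC = bytes.fromhex("0180c2000000")        # IEEE bridge group address (802.1D)
PVST_MAC = bytes.fromhex("01000ccccccd")        # PVST destination MAC from the page
LLC_IEEE = bytes.fromhex("424203")              # LLC header of IEEE BPDUs (802.1D)
SNAP_PVST = bytes.fromhex("aaaa0300000c010b")   # LLC/SNAP, organization code, PID (assumed)
ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}
KINDS = {0: "STP", 2: "RSTP", 3: "MSTP"}


def parse_bpdu_frame(frame):
    """Classify one Ethernet frame carrying a BPDU and list field violations."""
    dst, off, vlan = frame[:6], 12, None
    if frame[off:off + 2] == b"\x81\x00":                  # 802.1Q VLAN tag
        vlan = struct.unpack("!H", frame[off + 2:off + 4])[0] & 0x0FFF
        off += 4
    off += 2                                               # 802.3 length field
    if dst == PVST_MAC and frame[off:off + 8] == SNAP_PVST:
        encap, off = "PVST", off + 8
    elif dst == IEEE_MAC and frame[off:off + 3] == LLC_IEEE:
        encap, off = "IEEE", off + 3
    else:
        raise ValueError("not a spanning tree BPDU")
    body = frame[off:]
    if len(body) < 4 or body[:2] != b"\x00\x00":
        raise ValueError("bad protocol ID or truncated BPDU")
    version, btype = body[2], body[3]
    info = {"encap": encap, "vlan": vlan, "version": version, "type": btype,
            "problems": []}
    info["kind"] = "PVST" if encap == "PVST" else KINDS.get(version, "unknown")
    if btype == 0x80:                                      # STP TCN BPDU: header only
        info["kind"] += " TCN"
        return info
    if len(body) < 35:
        raise ValueError("truncated configuration BPDU")
    flags, root, cost, bridge, port, age, max_age, hello, fwd = struct.unpack(
        "!B8sI8sHHHHH", body[4:35])
    info.update(root=root.hex(), root_path_cost=cost, bridge=bridge.hex(),
                port=port, message_age=age / 256, max_age=max_age / 256,
                hello=hello / 256, forward_delay=fwd / 256)  # timers: 1/256 s units
    info["flags"] = {"tc": bool(flags & 0x01), "proposal": bool(flags & 0x02),
                     "role": ROLES[(flags >> 2) & 0x03],
                     "learning": bool(flags & 0x10), "forwarding": bool(flags & 0x20),
                     "agreement": bool(flags & 0x40), "tc_ack": bool(flags & 0x80)}
    problems = info["problems"]
    if version >= 2:
        if btype != 0x02:
            problems.append("BPDU type is not 0x02")
        if len(body) < 36 or body[35] != 0x00:
            problems.append("Version1 length is not 0x00")
    if version == 3:
        v3len = struct.unpack("!H", body[36:38])[0] if len(body) >= 38 else 0
        count, rest = divmod(v3len - 64, 16)               # 16 bytes per MSTI message
        if v3len < 64 or rest or count > 64 or len(body) < 38 + v3len:
            problems.append("Version3 length is inconsistent")
        else:
            info["msti_messages"] = count
            info["remaining_hops"] = body[38 + 63]
    # Timer relationships from "STP timers".
    if not 2 * (info["forward_delay"] - 1) >= info["max_age"] >= 2 * (info["hello"] + 1):
        problems.append("timers violate the forward delay/max age/hello formulas")
    return info


def sample_frame(dst, encap, version, flags, tail=b"", vlan=None, timers=(20, 2, 15)):
    """Build a constructed test frame; all addresses and bridge IDs are made up."""
    max_age, hello, fwd = (t * 256 for t in timers)
    body = struct.pack("!HBBB8sI8sHHHHH", 0, version, 0x02 if version >= 2 else 0x00,
                       flags, bytes.fromhex("8000020000000001"), 5,
                       bytes.fromhex("8000020000000002"), 0x8001, 256,
                       max_age, hello, fwd) + tail
    tag = b"\x81\x00" + struct.pack("!H", vlan) if vlan is not None else b""
    payload = encap + body
    return (dst + bytes.fromhex("020000000002") + tag
            + struct.pack("!H", len(payload)) + payload)


# Constructed samples: RSTP proposal, PVST agreement in VLAN 10, MSTP with one
# MSTI message and 20 remaining hops, and an RSTP BPDU with two violations.
RSTP_PROPOSAL = sample_frame(IEEE_MAC, LLC_IEEE, 2, 0x0E, tail=b"\x00")
PVST_AGREEMENT = sample_frame(PVST_MAC, SNAP_PVST, 2, 0x78, tail=b"\x00", vlan=10)
MSTP_ONE_MSTI = sample_frame(IEEE_MAC, LLC_IEEE, 3, 0x3C,
                             tail=b"\x00" + struct.pack("!H", 80) + bytes(63)
                             + b"\x14" + bytes(16))
RSTP_BAD = sample_frame(IEEE_MAC, LLC_IEEE, 2, 0x3C, tail=b"\x01", timers=(20, 2, 4))
```

The `proposal` and `agreement` flags decoded here are the ones exchanged in the P/A transition, so the same parser can be used to follow a handshake in a capture.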
Basic concepts in MSTP
Figure 22 shows a switched network that contains four MST regions, each MST region containing four MSTP devices. Figure 23 shows the networking topology of MST region 3.
Figure 22 Basic concepts in MSTP
Figure 23 Network diagram and topology of MST region 3
MST region
A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics:
· A spanning tree protocol enabled
· Same region name
· Same VLAN-to-instance mapping configuration
· Same MSTP revision level
· Physically linked together
Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST region, as shown in Figure 22.
· The switched network contains four MST regions, MST region 1 through MST region 4.
· All devices in each MST region have the same MST region configuration.
MSTI
MSTP can generate multiple independent spanning trees in an MST region, and each spanning tree is mapped to the specific VLANs. Each spanning tree is referred to as a multiple spanning tree instance (MSTI).
In Figure 23, MST region 3 contains three MSTIs, MSTI 1, MSTI 2, and MSTI 0.
VLAN-to-instance mapping table
As an attribute of an MST region, the VLAN-to-instance mapping table describes the mapping relationships between VLANs and MSTIs.
In Figure 23, the VLAN-to-instance mapping table of MST region 3 is as follows:
· VLAN 1 to MSTI 1.
· VLAN 2 and VLAN 3 to MSTI 2.
· Other VLANs to MSTI 0.
MSTP achieves load balancing by means of the VLAN-to-instance mapping table.
CST
The common spanning tree (CST) is a single spanning tree that connects all MST regions in a switched network. If you regard each MST region as a device, the CST is a spanning tree calculated by these devices through STP or RSTP.
The blue lines in Figure 22 represent the CST.
IST
An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default.
In Figure 22, MSTI 0 is the IST in MST region 3.
CIST
The common and internal spanning tree (CIST) is a single spanning tree that connects all devices in a switched network. It consists of the ISTs in all MST regions and the CST.
In Figure 22, the ISTs (MSTI 0) in all MST regions plus the inter-region CST constitute the CIST of the entire network.
Regional root
The root bridge of the IST or an MSTI within an MST region is the regional root of the IST or MSTI. Based on the topology, different spanning trees in an MST region might have different regional roots, as shown in MST region 3 in Figure 23.
· The regional root of MSTI 1 is Device B.
· The regional root of MSTI 2 is Device C.
· The regional root of MSTI 0 (also known as the IST) is Device A.
Common root bridge
The common root bridge is the root bridge of the CIST.
In Figure 22, the common root bridge is a device in MST region 1.
Port roles
A port can play different roles in different MSTIs. As shown in Figure 24, an MST region contains Device A, Device B, Device C, and Device D. Port A1 and port A2 of Device A connect to the common root bridge. Port B2 and Port B3 of Device B form a loop. Port C3 and Port C4 of Device C connect to other MST regions. Port D3 of Device D directly connects to a host.
MSTP calculation involves the following port roles:
· Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port.
· Designated port—Forwards data to the downstream network segment or device.
· Alternate port—Acts as the backup port for a root port or master port. When the root port or master port is blocked, the alternate port takes over.
· Backup port—Acts as the backup port of a designated port. When the designated port is invalid, the backup port becomes the new designated port. A loop occurs when two ports of the same spanning tree device are connected, so the device blocks one of the ports. The blocked port acts as the backup.
· Edge port—Directly connects to a user host rather than a network device or network segment.
· Master port—Acts as a port on the shortest path from the local MST region to the common root bridge. The master port is not always located on the regional root. It is a root port on the IST or CIST and still a master port on the other MSTIs.
· Boundary port—Connects an MST region to another MST region or to an STP/RSTP-running device. In MSTP calculation, a boundary port's role on an MSTI is consistent with its role on the CIST. However, that is not true with master ports. A master port on MSTIs is a root port on the CIST.
Port states
In MSTP, a port can be in one of the following states:
· Forwarding—The port receives and sends BPDUs, learns MAC addresses, and forwards user traffic.
· Learning—The port receives and sends BPDUs, learns MAC addresses, but does not forward user traffic. Learning is an intermediate port state.
· Discarding—The port receives and sends BPDUs, but does not learn MAC addresses or forward user traffic.
NOTE: When in different MSTIs, a port can be in different states.
A port state is not exclusively associated with a port role. Table 9 lists the port states that each port role supports. (A check mark [√] indicates that the port supports this state, while a dash [—] indicates that the port does not support this state.)
Table 9 Port states that different port roles support
Port role (right) / Port state (below) | Root port/master port | Designated port | Alternate port | Backup port |
---|---|---|---|---|
Forwarding | √ | √ | — | — |
Learning | √ | √ | — | — |
Discarding | √ | √ | √ | √ |
How MSTP works
MSTP divides an entire Layer 2 network into multiple MST regions, which are connected by a calculated CST. Inside an MST region, multiple spanning trees, called MSTIs, are calculated. Among these MSTIs, MSTI 0 is the IST.
Like STP, MSTP uses configuration BPDUs to calculate spanning trees. An important difference is that an MSTP BPDU carries the MSTP configuration of the bridge from which the BPDU is sent.
CIST calculation
During the CIST calculation, the following process takes place:
· The device with the highest priority is elected as the root bridge of the CIST.
· MSTP generates an IST within each MST region through calculation.
· MSTP regards each MST region as a single device and generates a CST among these MST regions through calculation.
The CST and ISTs constitute the CIST of the entire network.
MSTI calculation
Within an MST region, MSTP generates different MSTIs for different VLANs based on the VLAN-to-instance mappings. For each spanning tree, MSTP performs a separate calculation process similar to spanning tree calculation in STP. For more information, see "Calculation process of the STP algorithm."
In MSTP, a VLAN frame is forwarded along the following paths:
· Within an MST region, the frame is forwarded along the corresponding MSTI.
· Between two MST regions, the frame is forwarded along the CST.
MSTP implementation on devices
MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol frames.
In addition to basic MSTP features, the following features are provided for ease of management:
· Root bridge hold
· Root bridge backup
· Root guard
· BPDU guard
· TC-BPDU guard
· Port role restriction
· TC-BPDU transmission restriction
· Support for hot swapping of interface cards and active/standby changeover.
Rapid transition mechanism
In STP, a port must wait twice the forward delay (30 seconds by default) before it transits from the blocking state to the forwarding state. The forward delay is related to the hello time and network diameter. If the forward delay is too short, loops might occur. This affects the stability of the network.
RSTP, PVST, and MSTP all use the rapid transition mechanism to speed up port state transition for edge ports, root ports, and designated ports. The rapid transition mechanism for designated ports is also known as the proposal/agreement (P/A) transition.
Edge port rapid transition
As shown in Figure 25, Port C3 is an edge port connected to a host. When a network topology change occurs, the port can immediately transit from the blocking state to the forwarding state because no loop will be caused.
Because a device cannot determine whether a port is directly connected to a terminal, you must manually configure the port as an edge port.
Figure 25 Edge port rapid transition
Root port rapid transition
When a root port is blocked, the bridge will elect the alternate port with the highest priority as the new root port. If the new root port's peer is in the forwarding state, the new root port immediately transits to the forwarding state.
As shown in Figure 26, Port C2 on Device C is a root port and Port C1 is an alternate port. When Port C2 transits to the blocking state, Port C1 is elected as the root port and immediately transits to the forwarding state.
Figure 26 Root port rapid transition
P/A transition
The P/A transition enables a designated port to rapidly transit to the forwarding state after a handshake with its peer. The P/A transition applies only to point-to-point links.
· P/A transition for RSTP and PVST.
In RSTP or PVST, the ports on a new link or recovered link are designated ports in blocking state. When one of the designated ports transits to the discarding or learning state, it sets the proposal flag in its BPDU. Its peer bridge receives the BPDU and determines whether the receiving port is the root port. If it is the root port, the bridge blocks the other ports except edge ports. The bridge then replies with an agreement BPDU to the designated port. The designated port immediately transits to the forwarding state upon receiving the agreement BPDU. If the designated port does not receive the agreement BPDU, it waits for twice the forward delay to transit to the forwarding state.
As shown in Figure 27, the P/A transition operates as follows:
a. Device A sends a proposal BPDU to Device B through GigabitEthernet 1/0/1.
b. Device B receives the proposal BPDU on GigabitEthernet 1/0/2. GigabitEthernet 1/0/2 is elected as the root port.
c. Device B blocks its designated port GigabitEthernet 1/0/1 and alternate port GigabitEthernet 1/0/3 to eliminate loops.
d. The root port GigabitEthernet 1/0/2 transits to the forwarding state and sends an agreement BPDU to Device A.
e. The designated port GigabitEthernet 1/0/1 on Device A immediately transits to the forwarding state after receiving the agreement BPDU.
Figure 27 P/A transition for RSTP and PVST
· P/A transition for MSTP.
In MSTP, an upstream bridge sets both the proposal and agreement flags in its BPDU. If a downstream bridge receives the BPDU and its receiving port is elected as the root port, the bridge blocks all the other ports except edge ports. The downstream bridge then replies with an agreement BPDU to the upstream bridge. The upstream port immediately transits to the forwarding state upon receiving the agreement BPDU. If the upstream port does not receive the agreement BPDU, it waits for twice the forward delay to transit to the forwarding state.
As shown in Figure 28, the P/A transition operates as follows:
a. Device A sets the proposal and agreement flags in its BPDU and sends it to Device B through GigabitEthernet 1/0/1.
b. Device B receives the BPDU. GigabitEthernet 1/0/2 of Device B is elected as the root port.
c. Device B then blocks all its ports except the edge ports.
d. The root port GigabitEthernet 1/0/2 of Device B transits to the forwarding state and sends an agreement BPDU to Device A.
e. GigabitEthernet 1/0/1 of Device A immediately transits to the forwarding state upon receiving the agreement BPDU.
Figure 28 P/A transition for MSTP
Protocols and standards
MSTP is documented in the following protocols and standards:
· IEEE 802.1d, Media Access Control (MAC) Bridges
· IEEE 802.1w, Part 3: Media Access Control (MAC) Bridges—Amendment 2: Rapid Reconfiguration
· IEEE 802.1s, Virtual Bridged Local Area Networks—Amendment 3: Multiple Spanning Trees
· IEEE 802.1Q-REV/D1.3, Media Access Control (MAC) Bridges and Virtual Bridged Local Area Networks—Clause 13: Spanning tree Protocols
Command and hardware compatibility
The WX1800H series access controllers do not support the slot keyword or the slot-number argument.
Spanning tree configuration task lists
Before configuring a spanning tree, complete the following tasks:
· Determine the spanning tree protocol to be used (STP, RSTP, PVST, or MSTP).
· Plan the device roles (the root bridge or leaf node).
When you configure spanning tree protocols, follow these restrictions and guidelines:
· Configurations made in system view take effect globally. Configurations made in Ethernet interface view or WLAN mesh interface view take effect only on the interface. Configurations made in Layer 2 aggregate interface view take effect only on the aggregate interface. Configurations made on an aggregation member port can take effect only after the port is removed from the aggregation group.
· After you enable a spanning tree protocol on a Layer 2 aggregate interface, the system performs spanning tree calculation on the Layer 2 aggregate interface. It does not perform spanning tree calculation on the aggregation member ports. The spanning tree protocol enable state and forwarding state of each selected member port is consistent with those of the corresponding Layer 2 aggregate interface.
· The member ports of an aggregation group do not participate in spanning tree calculation. However, the ports still reserve their spanning tree configurations for participating in spanning tree calculation after leaving the aggregation group.
STP configuration task list
Tasks at a glance
Configuring the root bridge:
· (Required.) Setting the spanning tree mode
· (Optional.) Configuring the root bridge or a secondary root bridge
· (Optional.) Configuring the device priority
· (Optional.) Configuring the network diameter of a switched network
· (Optional.) Setting spanning tree timers
· (Optional.) Setting the timeout factor
· (Optional.) Configuring the BPDU transmission rate
· (Optional.) Enabling outputting port state transition information
· (Required.) Enabling the spanning tree feature
Configuring the leaf nodes:
· (Required.) Setting the spanning tree mode
· (Optional.) Configuring the device priority
· (Optional.) Setting the timeout factor
· (Optional.) Configuring the BPDU transmission rate
· (Optional.) Configuring path costs of ports
· (Optional.) Configuring the port priority
· (Optional.) Enabling outputting port state transition information
· (Required.) Enabling the spanning tree feature
(Optional.) Configuring TC Snooping
(Optional.) Configuring protection features
(Optional.) Enabling SNMP notifications for new-root election and topology change events
RSTP configuration task list
Tasks at a glance
Configuring the root bridge:
· (Required.) Setting the spanning tree mode
· (Optional.) Configuring the root bridge or a secondary root bridge
· (Optional.) Configuring the device priority
· (Optional.) Configuring the network diameter of a switched network
· (Optional.) Setting spanning tree timers
· (Optional.) Setting the timeout factor
· (Optional.) Configuring the BPDU transmission rate
· (Optional.) Configuring edge ports
· (Optional.) Configuring the port link type
· (Optional.) Enabling outputting port state transition information
· (Required.) Enabling the spanning tree feature
Configuring the leaf nodes:
· (Required.) Setting the spanning tree mode
· (Optional.) Configuring the device priority
· (Optional.) Setting the timeout factor
· (Optional.) Configuring the BPDU transmission rate
· (Optional.) Configuring edge ports
· (Optional.) Configuring path costs of ports
· (Optional.) Configuring the port priority
· (Optional.) Configuring the port link type
· (Optional.) Enabling outputting port state transition information
· (Required.) Enabling the spanning tree feature
(Optional.) Performing mCheck
(Optional.) Configuring TC Snooping
(Optional.) Configuring protection features
(Optional.) Enabling SNMP notifications for new-root election and topology change events
PVST configuration task list
Tasks at a glance
Configuring the root bridge:
· (Required.) Setting the spanning tree mode
· (Optional.) Configuring the root bridge or a secondary root bridge
· (Optional.) Configuring the device priority
· (Optional.) Configuring the network diameter of a switched network
· (Optional.) Setting spanning tree timers
· (Optional.) Setting the timeout factor
· (Optional.) Configuring the BPDU transmission rate
· (Optional.) Configuring edge ports
· (Optional.) Configuring the port link type
· (Optional.) Enabling outputting port state transition information
· (Required.) Enabling the spanning tree feature
Configuring the leaf nodes:
· (Required.) Setting the spanning tree mode
· (Optional.) Configuring the device priority
· (Optional.) Setting the timeout factor
· (Optional.) Configuring the BPDU transmission rate
· (Optional.) Configuring edge ports
· (Optional.) Configuring path costs of ports
· (Optional.) Configuring the port priority
· (Optional.) Configuring the port link type
· (Optional.) Enabling outputting port state transition information
· (Required.) Enabling the spanning tree feature
(Optional.) Performing mCheck
(Optional.) Disabling inconsistent PVID protection
(Optional.) Configuring protection features
(Optional.) Enabling SNMP notifications for new-root election and topology change events
MSTP configuration task list
Tasks at a glance
Configuring the root bridge:
· (Required.) Setting the spanning tree mode
· (Required.) Configuring an MST region
· (Optional.) Configuring the root bridge or a secondary root bridge
· (Optional.) Configuring the device priority
· (Optional.) Configuring the maximum hops of an MST region
· (Optional.) Configuring the network diameter of a switched network
· (Optional.) Setting spanning tree timers
· (Optional.) Setting the timeout factor
· (Optional.) Configuring the BPDU transmission rate
· (Optional.) Configuring edge ports
· (Optional.) Configuring the port link type
· (Optional.) Configuring the mode a port uses to recognize and send MSTP frames
· (Optional.) Enabling outputting port state transition information
· (Required.) Enabling the spanning tree feature
Configuring the leaf nodes:
· (Required.) Setting the spanning tree mode
· (Required.) Configuring an MST region
· (Optional.) Configuring the device priority
· (Optional.) Setting the timeout factor
· (Optional.) Configuring the BPDU transmission rate
· (Optional.) Configuring edge ports
· (Optional.) Configuring path costs of ports
· (Optional.) Configuring the port priority
· (Optional.) Configuring the port link type
· (Optional.) Configuring the mode a port uses to recognize and send MSTP frames
· (Optional.) Enabling outputting port state transition information
· (Required.) Enabling the spanning tree feature
(Optional.) Performing mCheck
(Optional.) Configuring Digest Snooping
(Optional.) Configuring No Agreement Check
(Optional.) Configuring TC Snooping
(Optional.) Configuring protection features
(Optional.) Enabling SNMP notifications for new-root election and topology change events
Setting the spanning tree mode
The spanning tree modes include:
· STP mode—All ports of the device send STP BPDUs. Select this mode when the peer device of a port supports only STP.
· RSTP mode—All ports of the device send RSTP BPDUs. A port in this mode automatically transits to the STP mode when it receives STP BPDUs from the peer device. A port in this mode does not transit to the MSTP mode when it receives MSTP BPDUs from the peer device.
· PVST mode—All ports of the device send PVST BPDUs. Each VLAN maintains a spanning tree. In a network, the number of spanning trees maintained by all devices equals the number of PVST-enabled VLANs multiplied by the number of PVST-enabled ports. If the number of spanning trees exceeds the capacity of the network, device CPUs will be overloaded. Packet forwarding is interrupted, and the network becomes unstable.
· MSTP mode—All ports of the device send MSTP BPDUs. A port in this mode automatically transits to the STP mode when receiving STP BPDUs from the peer device. A port in this mode does not transit to the RSTP mode when receiving RSTP BPDUs from the peer device.
The MSTP mode is compatible with the RSTP mode, and the RSTP mode is compatible with the STP mode.
Compatibility of the PVST mode depends on the link type of a port.
· On an access port, the PVST mode is compatible with other spanning tree modes in all VLANs.
· On a trunk port or hybrid port, the PVST mode is compatible with other spanning tree modes only in the default VLAN.
To set the spanning tree mode:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the spanning tree mode. | stp mode { mstp \| pvst \| rstp \| stp } | The default setting is the MSTP mode. |
Configuring an MST region
Spanning tree devices belong to the same MST region if they are both connected through a physical link and configured with the following details:
· Format selector (0 by default, not configurable).
· MST region name.
· MST region revision level.
· VLAN-to-instance mapping entries in the MST region.
The configuration of MST region-related parameters (especially the VLAN-to-instance mapping table) might cause MSTP to begin a new spanning tree calculation. To reduce the possibility of topology instability, the MST region configuration takes effect only after you activate it by doing one of the following:
· Use the active region-configuration command.
· Enable a spanning tree protocol by using the stp global enable command if the spanning tree protocol is disabled.
In STP, RSTP, or PVST mode, MST region configurations do not take effect.
To configure an MST region:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter MST region view. | stp region-configuration | N/A |
3. Configure the MST region name. | region-name name | The default setting is the MAC address. |
4. Configure the VLAN-to-instance mapping table. | · instance instance-id vlan vlan-id-list · vlan-mapping modulo modulo | Use one of the commands. By default, all VLANs in an MST region are mapped to the CIST (or MSTI 0). |
5. Configure the MSTP revision level of the MST region. | revision-level level | The default setting is 0. |
6. (Optional.) Display the MST region configurations that are not activated yet. | check region-configuration | N/A |
7. Manually activate MST region configuration. | active region-configuration | N/A |
Configuring the root bridge or a secondary root bridge
You can have the spanning tree protocol determine the root bridge of a spanning tree through calculation. You can also specify a device as the root bridge or as a secondary root bridge.
A device has independent roles in different spanning trees. It can act as the root bridge in one spanning tree and as a secondary root bridge in another. However, one device cannot be the root bridge and a secondary root bridge in the same spanning tree.
A spanning tree can have only one root bridge. If multiple devices can be selected as the root bridge in a spanning tree, the device with the lowest MAC address is selected.
When the root bridge of an instance fails or is shut down and no new root bridge is specified, the following events occur:
· If you specify only one secondary root bridge, it becomes the root bridge.
· If you specify multiple secondary root bridges for the instance, the secondary root bridge with the lowest MAC address is given priority.
· If you do not specify a secondary root bridge, a new root bridge is calculated.
You can specify one root bridge for each spanning tree, regardless of the device priority settings. Once you specify a device as the root bridge or a secondary root bridge, you cannot change its priority.
You can configure a device as the root bridge by setting the device priority to 0. For the device priority configuration, see "Configuring the device priority."
Configuring the current device as the root bridge of a specific spanning tree
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure the current device as the root bridge. | · In STP/RSTP mode: · In PVST mode: · In MSTP mode: | By default, a device does not function as the root bridge. |
Configuring the current device as a secondary root bridge of a specific spanning tree
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure the current device as a secondary root bridge. | · In STP/RSTP mode: · In PVST mode: · In MSTP mode: | By default, a device does not function as a secondary root bridge. |
Configuring the device priority
Device priority is a factor in calculating the spanning tree. The priority of a device determines whether the device can be elected as the root bridge of a spanning tree. A lower value indicates a higher priority. You can set the priority of a device to a low value to specify the device as the root bridge of the spanning tree. A spanning tree device can have different priorities in different spanning trees.
During root bridge selection, if all devices in a spanning tree have the same priority, the one with the lowest MAC address is selected. You cannot change the priority of a device after it is configured as the root bridge or as a secondary root bridge.
To configure the priority of a device in a specified MSTI:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure the priority of the current device. | · In STP/RSTP mode: · In PVST mode: · In MSTP mode: | The default setting is 32768. |
Configuring the maximum hops of an MST region
Restrict the region size by setting the maximum hops of an MST region. The hop limit configured on the regional root bridge is used as the hop limit for the MST region.
Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value. When a device receives this configuration BPDU, it decrements the hop count by one, and uses the new hop count in the BPDUs that it propagates. When the hop count of a BPDU reaches zero, it is discarded by the device that received it. Devices beyond the reach of the maximum hops can no longer participate in spanning tree calculations, so the size of the MST region is limited.
Make this configuration only on the root bridge. All other devices in the MST region use the maximum hop value set for the root bridge.
You can configure the maximum hops of an MST region based on the STP network size. H3C recommends that you set the maximum hops to a value that is greater than the maximum hops of each edge device to the root bridge.
To configure the maximum number of hops of an MST region:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure the maximum hops of the MST region. | stp max-hops hops | The default setting is 20. |
Configuring the network diameter of a switched network
Any two terminal devices in a switched network can reach each other through a specific path, and there are a series of devices on the path. The switched network diameter is the maximum number of devices on the path for an edge device to reach another one in the switched network through the root bridge. The network diameter indicates the network size. The bigger the diameter, the larger the network size.
Based on the network diameter you configured, the system automatically sets an optimal hello time, forward delay, and max age for the device.
In STP, RSTP, or MSTP mode, each MST region is considered a device. The configured network diameter takes effect only on the CIST (or the common root bridge) but not on other MSTIs.
In PVST mode, the configured network diameter takes effect only on the root bridges of the specified VLANs.
To configure the network diameter of a switched network:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure the network diameter of the switched network. | · In STP/RSTP/MSTP mode: · In PVST mode: | The default setting is 7. |
Setting spanning tree timers
The following timers are used for spanning tree calculation:
· Forward delay—Delay time for port state transition. To prevent temporary loops on a network, the spanning tree feature sets an intermediate port state (the learning state) before it transits from the discarding state to the forwarding state. The feature also requires that the port transit its state after a forward delay timer. This ensures that the state transition of the local port stays synchronized with the peer.
· Hello time—Interval at which the device sends configuration BPDUs to detect link failures. If the device does not receive configuration BPDUs within the timeout period, it recalculates the spanning tree. The formula for calculating the timeout period is timeout period = timeout factor × 3 × hello time.
· Max age—In the CIST of an MSTP network, the device uses the max age timer to determine whether a configuration BPDU received by a port has expired. If it is expired, a new spanning tree calculation process starts. The max age timer does not take effect on MSTIs.
To ensure a fast topology convergence, make sure the timer settings meet the following formulas:
· 2 × (forward delay – 1 second) ≥ max age
· Max age ≥ 2 × (hello time + 1 second)
H3C recommends that you do not set the spanning tree timers manually. Instead, specify the network diameter and let the spanning tree protocols automatically calculate the timers based on the network diameter. If the network diameter uses the default value, the timers also use their default values.
Set the timers only on the root bridge. The timer settings on the root bridge apply to all devices on the entire switched network.
Configuration restrictions and guidelines
· The length of the forward delay is related to the network diameter of the switched network. The larger the network diameter is, the longer the forward delay time should be. H3C recommends that you use the automatically calculated value because inappropriate forward delay setting might cause temporary redundant paths or increase the network convergence time.
· An appropriate hello time setting enables the device to promptly detect link failures on the network without using excessive network resources. If the hello time is too long, the device mistakes packet loss for a link failure and triggers a new spanning tree calculation process. If the hello time is too short, the device frequently sends the same configuration BPDUs, which wastes device and network resources. H3C recommends that you use the automatically calculated value.
· If the max age timer is too short, the device frequently begins spanning tree calculations and might mistake network congestion for a link failure. If the max age timer is too long, the device might fail to promptly detect link failures and quickly launch spanning tree calculations, reducing the auto-sensing capability of the network. H3C recommends that you use the automatically calculated value.
Configuration procedure
To set the spanning tree timers:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the forward delay timer. | · In STP/RSTP/MSTP mode: · In PVST mode: | The default setting is 15 seconds. |
3. Set the hello timer. | · In STP/RSTP/MSTP mode: · In PVST mode: | The default setting is 2 seconds. |
4. Set the max age timer. | · In STP/RSTP/MSTP mode: · In PVST mode: | The default setting is 20 seconds. |
Setting the timeout factor
The timeout factor is a parameter used to decide the timeout period. The formula for calculating the timeout period is: timeout period = timeout factor × 3 × hello time.
In a stable network, each non-root-bridge device forwards configuration BPDUs to the downstream devices at the hello time interval to detect link failures. If a device does not receive a BPDU from the upstream device within nine times the hello time, it assumes that the upstream device has failed. Then, it starts a new spanning tree calculation process.
A device might fail to receive a BPDU from the upstream device because the upstream device is busy. If a spanning tree calculation occurs, the calculation can fail and also waste network resources. On a stable network, you can prevent undesired spanning tree calculations by setting the timeout factor to 5, 6, or 7.
To set the timeout factor:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the timeout factor of the device. | stp timer-factor factor | The default setting is 3. |
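The two timer formulas from "Setting spanning tree timers" and the timeout period formula above can be checked before a change is pushed to the root bridge. The following is an added example, not code from the guide; the function names and the proposed profiles are hypothetical, and all values are in seconds.

```python
def timeout_period(hello_time, timeout_factor=3):
    """timeout period = timeout factor x 3 x hello time."""
    return timeout_factor * 3 * hello_time


def check_timers(forward_delay=15, hello_time=2, max_age=20, timeout_factor=3):
    """Check one timer set against the guide's two formulas.

    The defaults are the guide's defaults (15 s, 2 s, 20 s, factor 3).
    Returns the window that max age must fall in, the resulting timeout
    period, and the formulas that the proposed values violate.
    """
    upper = 2 * (forward_delay - 1)   # 2 x (forward delay - 1 second) >= max age
    lower = 2 * (hello_time + 1)      # max age >= 2 x (hello time + 1 second)
    violations = []
    if max_age > upper:
        violations.append("2 x (forward delay - 1) >= max age")
    if max_age < lower:
        violations.append("max age >= 2 x (hello time + 1)")
    return {
        "max_age_window": (lower, upper),
        "timeout_period": timeout_period(hello_time, timeout_factor),
        "violations": violations,
    }


# Constructed change requests for a root bridge (hypothetical values).
PROPOSED = {
    "defaults": dict(forward_delay=15, hello_time=2, max_age=20, timeout_factor=3),
    "fast-converge": dict(forward_delay=10, hello_time=2, max_age=20, timeout_factor=3),
    "slow-hello": dict(forward_delay=15, hello_time=10, max_age=20, timeout_factor=3),
    "stable-core": dict(forward_delay=15, hello_time=2, max_age=20, timeout_factor=6),
}


def review(profiles):
    """Return {profile name: violated formulas} for profiles that fail a check."""
    failed = {}
    for name, timers in profiles.items():
        result = check_timers(**timers)
        if result["violations"]:
            failed[name] = result["violations"]
    return failed


if __name__ == "__main__":
    for name, timers in PROPOSED.items():
        print(name, check_timers(**timers))
```

With the default hello time, raising the timeout factor from 3 to 6 doubles the wait before a recalculation from 18 to 36 seconds, which is the trade-off behind the guide's suggestion of 5, 6, or 7 on a stable network.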
Configuring the BPDU transmission rate
The maximum number of BPDUs a port can send within each hello time equals the BPDU transmission rate plus the hello timer value. Configure an appropriate BPDU transmission rate based on the physical status of the port and the network structure.
The higher the BPDU transmission rate, the more BPDUs are sent within each hello time, and the more system resources are used. By setting an appropriate BPDU transmission rate, you can limit the rate at which the port sends BPDUs. Setting an appropriate rate also prevents spanning tree protocols from using excessive network resources when the network topology changes. H3C recommends that you use the default setting.
To configure the BPDU transmission rate:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Configure the BPDU transmission rate of the ports. | stp transmit-limit limit | The default setting is 10. |
Configuring edge ports
If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port. When a network topology change occurs, an edge port will not cause a temporary loop. Because a device does not determine whether a port is directly connected to a terminal, you must manually configure the port as an edge port. After that, the port can rapidly transit from the blocking state to the forwarding state.
Configuration restrictions and guidelines
· If BPDU guard is disabled, a port set as an edge port becomes a non-edge port again if it receives a BPDU from another port. To restore the edge port, re-enable it.
· If a port directly connects to a user terminal, configure it as an edge port and enable BPDU guard for it. This enables the port to quickly transit to the forwarding state while ensuring network security.
· On a port, the loop guard feature and the edge port setting are mutually exclusive.
Configuration procedure
To configure a port as an edge port:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Configure the current ports as edge ports. | stp edged-port | By default, all ports are non-edge ports. |
Configuring path costs of ports
Path cost is a parameter related to the link speed of a port. On a spanning tree device, a port can have different path costs in different MSTIs. Setting appropriate path costs allows VLAN traffic flows to be forwarded along different physical links, achieving VLAN-based load balancing.
You can have the device automatically calculate the default path cost, or you can configure the path cost for ports.
Specifying a standard for the device to use when it calculates the default path cost
CAUTION: If you change the standard that the device uses to calculate the default path costs, you restore the path costs to the default.
You can specify a standard for the device to use in automatic calculation for the default path cost. The device supports the following standards:
· dot1d-1998—The device calculates the default path cost for ports based on IEEE 802.1d-1998.
· dot1t—The device calculates the default path cost for ports based on IEEE 802.1t.
· legacy—The device calculates the default path cost for ports based on a private standard.
When you specify a standard for the device to use when it calculates the default path cost, follow these guidelines:
· When it calculates the path cost for an aggregate interface, IEEE 802.1t takes into account the number of Selected ports in its aggregation group. However, IEEE 802.1d-1998 does not take into account the number of Selected ports. The calculation formula of IEEE 802.1t is: Path cost = 200,000,000/link speed (in 100 kbps). The link speed is the sum of the link speed values of the Selected ports in the aggregation group.
· IEEE 802.1d-1998 or the private standard always assigns the smallest possible value to a single port or aggregate interface with a speed exceeding 10 Gbps. The forwarding path selected based on this criterion might not be the best one. To solve this problem, perform one of the following tasks:
  · Use dot1t as the standard for default path cost calculation.
  · Manually set the path cost for the port (see "Configuring path costs of ports").
To specify a standard for the device to use when it calculates the default path cost:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Specify a standard for the device to use when it calculates the default path costs of its ports. | stp pathcost-standard { dot1d-1998 \| dot1t \| legacy } | By default, the device uses dot1t when it calculates the default path costs of its ports. |
Table 10 Mappings between the link speed and the path cost
Link speed | Port type | Path cost (IEEE 802.1d-1998) | Path cost (IEEE 802.1t) | Path cost (private standard) |
---|---|---|---|---|
0 | N/A | 65535 | 200000000 | 200000 |
100 Mbps | Single port | 19 | 200000 | 200 |
100 Mbps | Aggregate interface containing two Selected ports | 19 | 100000 | 180 |
100 Mbps | Aggregate interface containing three Selected ports | 19 | 66666 | 160 |
100 Mbps | Aggregate interface containing four Selected ports | 19 | 50000 | 140 |
1000 Mbps | Single port | 4 | 20000 | 20 |
1000 Mbps | Aggregate interface containing two Selected ports | 4 | 10000 | 18 |
1000 Mbps | Aggregate interface containing three Selected ports | 4 | 6666 | 16 |
1000 Mbps | Aggregate interface containing four Selected ports | 4 | 5000 | 14 |
10 Gbps | Single port | 2 | 2000 | 2 |
10 Gbps | Aggregate interface containing two Selected ports | 2 | 1000 | 1 |
10 Gbps | Aggregate interface containing three Selected ports | 2 | 666 | 1 |
10 Gbps | Aggregate interface containing four Selected ports | 2 | 500 | 1 |
20 Gbps | Aggregate interface containing two Selected ports | 1 | 500 | 1 |
20 Gbps | Aggregate interface containing three Selected ports | 1 | 333 | 1 |
20 Gbps | Aggregate interface containing four Selected ports | 1 | 250 | 1 |
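The following added example (not code from the guide) computes the IEEE 802.1t default path cost with the formula given above and shows why IEEE 802.1d-1998 cannot rank fast aggregate interfaces against each other. The 802.1d-1998 values are copied from Table 10; the function names and the two uplinks are hypothetical.

```python
# IEEE 802.1d-1998 default path costs from Table 10, keyed by the per-port
# link speed in Mbps. This standard ignores the number of Selected ports.
DOT1D_1998_COST = {0: 65535, 100: 19, 1000: 4, 10000: 2, 20000: 1}


def dot1t_cost(port_speed_mbps, selected_ports=1):
    """Path cost = 200,000,000 / link speed (in 100 kbps), rounded down.

    For an aggregate interface, the link speed is the sum of the link
    speeds of the Selected ports in the aggregation group.
    """
    if selected_ports < 1:
        raise ValueError("an interface needs at least one Selected port")
    if port_speed_mbps == 0:
        return 200_000_000  # Table 10 row for link speed 0
    link_speed_100kbps = port_speed_mbps * 10 * selected_ports
    return 200_000_000 // link_speed_100kbps


def dot1d_1998_cost(port_speed_mbps, selected_ports=1):
    """Look up the Table 10 value; selected_ports is accepted but ignored."""
    try:
        return DOT1D_1998_COST[port_speed_mbps]
    except KeyError:
        raise ValueError(f"{port_speed_mbps} Mbps is not listed in Table 10") from None


COST_FUNCTIONS = {"dot1t": dot1t_cost, "dot1d-1998": dot1d_1998_cost}


def cheapest_uplinks(uplinks, standard):
    """Return (lowest cost, sorted names of the uplinks that have that cost).

    uplinks maps an interface name to (per-port speed in Mbps, Selected ports).
    """
    cost_fn = COST_FUNCTIONS[standard]
    costs = {name: cost_fn(*spec) for name, spec in uplinks.items()}
    best = min(costs.values())
    return best, sorted(name for name, cost in costs.items() if cost == best)


# Constructed uplinks: two aggregate interfaces built from 20 Gbps ports.
UPLINKS = {"BAGG1": (20000, 2), "BAGG2": (20000, 4)}

if __name__ == "__main__":
    for standard in ("dot1d-1998", "dot1t"):
        print(standard, cheapest_uplinks(UPLINKS, standard))
```

Under dot1d-1998 both aggregate interfaces cost 1, so path cost alone cannot prefer the four-port group. Under dot1t the costs are 500 and 250, and the wider group wins.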
Configuring path costs of ports
When the path cost of a port changes, the system recalculates the role of the port and initiates a state transition.
To configure the path cost of a port:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Configure the path cost of the ports. | · In STP/RSTP mode: · In PVST mode: · In MSTP mode: | By default, the system automatically calculates the path cost of each port. |
Configuring the port priority
The priority of a port is a factor that determines whether the port can be elected as the root port of a device. If all other conditions are the same, the port with the highest priority is elected as the root port.
On a spanning tree device, a port can have different priorities and play different roles in different spanning trees. As a result, data of different VLANs can be propagated along different physical paths, implementing per-VLAN load balancing. You can set port priority values based on the actual networking requirements.
When the priority of a port changes, the system recalculates the port role and initiates a state transition.
To configure the priority of a port:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Configure the port priority. | · In STP/RSTP mode: · In PVST mode: · In MSTP mode: | The default setting is 128 for all ports. |
Configuring the port link type
A point-to-point link directly connects two devices. If two root ports or designated ports are connected over a point-to-point link, they can rapidly transit to the forwarding state after a proposal-agreement handshake process.
Configuration restrictions and guidelines
· You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that operates in full duplex mode. H3C recommends that you use the default setting and let the device automatically detect the port link type.
· In PVST or MSTP mode, the stp point-to-point force-false or stp point-to-point force-true command configured on a port takes effect on all VLANs or all MSTIs.
· If you configure a non-point-to-point link as a point-to-point link, a temporary loop might occur.
Configuration procedure
To configure the link type of a port:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Configure the port link type. | stp point-to-point { auto \| force-false \| force-true } | By default, the link type is auto where the port automatically detects the link type. |
Configuring the mode a port uses to recognize and send MSTP frames
A port can receive and send MSTP frames in the following formats:
· dot1s—802.1s-compliant standard format
· legacy—Compatible format
By default, the frame format recognition mode of a port is auto. The port automatically distinguishes the two MSTP frame formats, and determines the format of frames that it will send based on the recognized format.
You can configure the MSTP frame format on a port. Then, the port sends only MSTP frames of the configured format to communicate with devices that send frames of the same format.
By default, a port in auto mode sends 802.1s MSTP frames. When the port receives an MSTP frame of a legacy format, the port starts to send frames only of the legacy format. This prevents the port from frequently changing the format of sent frames. To configure the port to send 802.1s MSTP frames, shut down and then bring up the port.
When the number of existing MSTIs exceeds 48, the port can send only 802.1s MSTP frames.
To configure the MSTP frame format to be supported on a port:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Configure the mode that the port uses to recognize/send MSTP frames. | stp compliance { auto \| dot1s \| legacy } | The default setting is auto. |
Enabling outputting port state transition information
In a large-scale spanning tree network, you can enable devices to output the port state transition information. Then, you can monitor the port states in real time.
To enable outputting port state transition information:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable outputting port state transition information. | · In STP/RSTP mode: · In PVST mode: · In MSTP mode: | By default, this feature is enabled. |
Enabling the spanning tree feature
You must enable the spanning tree feature for the device before any other spanning tree related configurations can take effect. In STP, RSTP, or MSTP mode, make sure the spanning tree feature is enabled globally and on the desired ports. In PVST mode, make sure the spanning tree feature is enabled globally, in the desired VLANs, and on the desired ports.
To exclude specific ports from spanning tree calculation and save CPU resources, disable the spanning tree feature for these ports with the undo stp enable command. Make sure no loops occur in the network after you disable the spanning tree feature on these ports.
Enabling the spanning tree feature in STP/RSTP/MSTP mode
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable the spanning tree feature. | stp global enable | By default, the spanning tree feature is globally disabled. |
3. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
4. (Optional.) Enable the spanning tree feature for the port. | stp enable | By default, the spanning tree feature is enabled on all ports. |
Enabling the spanning tree feature in PVST mode
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable the spanning tree feature. | stp global enable | By default, the spanning tree feature is globally disabled. |
3. Enable the spanning tree feature in VLANs. | stp vlan vlan-id-list enable | By default, the spanning tree feature is enabled in VLANs. |
4. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
5. Enable the spanning tree feature on the port. | stp enable | By default, the spanning tree feature is enabled on all ports. |
Performing mCheck
The mCheck feature enables user intervention in the port status transition process.
When a port on an MSTP, RSTP, or PVST device connects to an STP device and receives STP BPDUs, the port automatically transits to the STP mode. However, the port cannot automatically transit back to the original mode when the following conditions exist:
· The peer STP device is shut down or removed.
· The port cannot detect the change.
To forcibly transit the port to operate in the original mode, you can perform an mCheck operation.
For example, Device A, Device B, and Device C are connected in sequence. Device A runs STP, Device B does not run any spanning tree protocol, and Device C runs RSTP, PVST, or MSTP. In this case, when Device C receives an STP BPDU transparently transmitted by Device B, the receiving port transits to the STP mode. If you configure Device B to run RSTP, PVST, or MSTP with Device C, you must perform mCheck operations on the ports interconnecting Device B and Device C.
Configuration restrictions and guidelines
When you configure mCheck, follow these restrictions and guidelines:
· The mCheck operation takes effect on devices operating in MSTP, PVST, or RSTP mode.
· When you enable or disable TRILL on a port, the port might send TCN BPDUs to the peer port, which causes the peer port to transit to STP mode. When you disable TRILL and enable STP on a port, H3C recommends that you perform mCheck on both the port and the peer port.
Performing mCheck globally
Step | Command |
---|---|
1. Enter system view. | system-view |
2. Perform mCheck. | stp global mcheck |
Performing mCheck in interface view
Step | Command |
---|---|
1. Enter system view. | system-view |
2. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number |
3. Perform mCheck. | stp mcheck |
Disabling inconsistent PVID protection
In PVST, if two connected ports use different PVIDs, PVST calculation errors might occur. By default, inconsistent PVID protection is enabled to avoid PVST calculation errors. If PVID inconsistency is detected on a port, the system blocks the port.
If different PVIDs are required on two connected ports, disable inconsistent PVID protection on the devices that host the ports. To avoid PVST calculation errors, make sure the following requirements are met:
· Make sure the VLANs on one device do not use the same ID as the PVID of its peer port (except the default VLAN) on another device.
· If the local port or its peer is a hybrid port, do not configure the local and peer ports as untagged members of the same VLAN.
· Disable inconsistent PVID protection on both the local device and the peer device.
This feature takes effect only when the device is operating in PVST mode.
To disable the inconsistent PVID protection feature:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Disable the inconsistent PVID protection feature. | stp ignore-pvid-inconsistency | By default, the inconsistent PVID protection feature is enabled. |
Configuring Digest Snooping
CAUTION: Use caution with global Digest Snooping in the following situations:
· When you modify the VLAN-to-instance mappings.
· When you restore the default MST region configuration.
If the local device has different VLAN-to-instance mappings than its neighboring devices, loops or traffic interruption will occur.
As defined in IEEE 802.1s, connected devices are in the same region only when they have the same MST region-related configurations, including:
· Region name.
· Revision level.
· VLAN-to-instance mappings.
A spanning tree device identifies devices in the same MST region by checking the configuration ID in BPDUs. The configuration ID includes the region name, revision level, and configuration digest. The configuration digest is 16 bytes long and is calculated through the HMAC-MD5 algorithm based on the VLAN-to-instance mappings.
Because spanning tree implementations vary by vendor, the configuration digests that different vendors calculate through their private keys are different. As a result, devices of different vendors in the same MST region cannot communicate with each other.
To enable communication between an H3C device and a third-party device in the same MST region, enable Digest Snooping on the H3C device port connecting them.
Configuration restrictions and guidelines
When you configure Digest Snooping, follow these guidelines:
· Before you enable Digest Snooping, make sure associated devices of different vendors are connected and run spanning tree protocols.
· With Digest Snooping enabled, in-the-same-region verification does not require comparison of the configuration digest. The VLAN-to-instance mappings must be the same on associated ports.
· To make Digest Snooping take effect, you must enable Digest Snooping both globally and on associated ports. H3C recommends that you enable Digest Snooping on all associated ports first and then enable it globally. This will make the configuration take effect on all configured ports and reduce impact on the network.
· To prevent loops, do not enable Digest Snooping on MST region edge ports.
· H3C recommends that you enable Digest Snooping first and then the spanning tree feature. To avoid traffic interruption, do not configure Digest Snooping when the network is already working well.
Configuration procedure
Use this feature when your H3C device is connected to a third-party device that uses its private key to calculate the configuration digest.
To configure Digest Snooping:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Enable Digest Snooping on the interface. | stp config-digest-snooping | By default, Digest Snooping is disabled on ports. |
4. Return to system view. | quit | N/A |
5. Enable Digest Snooping globally. | stp global config-digest-snooping | By default, Digest Snooping is disabled globally. |
Configuring No Agreement Check
In RSTP and MSTP, the following types of messages are used for rapid state transition on designated ports:
· Proposal—Sent by designated ports to request rapid transition
· Agreement—Used to acknowledge rapid transition requests
Both RSTP and MSTP devices can perform rapid transition on a designated port only when the port receives an agreement packet from the downstream device. RSTP and MSTP devices have the following differences:
· For MSTP, the root port of the downstream device sends an agreement packet only after it receives an agreement packet from the upstream device.
· For RSTP, the downstream device sends an agreement packet whether or not an agreement packet from the upstream device is received.
Figure 29 Rapid state transition of an MSTP designated port
Figure 30 Rapid state transition of an RSTP designated port
If the upstream device is a third-party device, the rapid state transition implementation might be limited as follows:
· The upstream device uses a rapid transition mechanism similar to that of RSTP.
· The downstream device runs MSTP and does not operate in RSTP mode.
In this case, the following occurs:
1. The root port on the downstream device receives no agreement from the upstream device.
2. It sends no agreement to the upstream device.
As a result, the designated port of the upstream device can transit to the forwarding state only after a period twice the forward delay.
To enable the designated port of the upstream device to transit its state rapidly, enable No Agreement Check on the downstream device's port.
Configuration prerequisites
Before you configure the No Agreement Check feature, complete the following tasks:
· Connect a device to a third-party upstream device that supports spanning tree protocols through a point-to-point link.
· Configure the same region name, revision level, and VLAN-to-instance mappings on the two devices.
Configuration procedure
Enable the No Agreement Check feature on the root port.
To configure No Agreement Check:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Enable No Agreement Check. | stp no-agreement-check | By default, No Agreement Check is disabled. |
Configuring TC Snooping
As shown in Figure 31, an IRF fabric connects to two user networks through double links.
· Device A and Device B form the IRF fabric.
· The spanning tree feature is disabled on Device A and Device B and enabled on all devices in user network 1 and user network 2.
· The IRF fabric transparently transmits BPDUs for both user networks and is not involved in the calculation of spanning trees.
When the network topology changes, it takes time for the IRF fabric to update its MAC address table and ARP table. During this period, traffic in the network might be interrupted.
Figure 31 TC Snooping application scenario
To avoid traffic interruption, you can enable TC Snooping on the IRF fabric. After receiving a TC-BPDU through a port, the IRF fabric updates MAC address table and ARP table entries associated with the port's VLAN. In this way, TC Snooping prevents topology change from interrupting traffic forwarding in the network. For more information about the MAC address table and the ARP table, see "Configuring the MAC address table" and Layer 3—IP Services Configuration Guide.
Configuration restrictions and guidelines
When you configure TC Snooping, follow these restrictions and guidelines:
· TC Snooping and the spanning tree feature are mutually exclusive. You must globally disable the spanning tree feature before enabling TC Snooping.
· The priority of BPDU tunneling is higher than that of TC Snooping. When BPDU tunneling is enabled on a port, the TC Snooping feature does not take effect on the port.
· TC Snooping does not support the PVST mode.
Configuration procedure
To enable TC Snooping:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Globally disable the spanning tree feature. | undo stp global enable | By default, the spanning tree feature is globally disabled. |
3. Enable TC Snooping. | stp tc-snooping | By default, TC Snooping is disabled. |
Configuring protection features
A spanning tree device supports the following protection features:
· BPDU guard
· Root guard
· Loop guard
· Port role restriction
· TC-BPDU transmission restriction
· TC-BPDU guard
· PVST BPDU guard
Enabling BPDU guard
For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers. The access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system automatically sets the ports as non-edge ports and starts a new spanning tree calculation process. This causes a change of network topology. Under normal conditions, these ports should not receive configuration BPDUs. However, if someone uses configuration BPDUs maliciously to attack the devices, the network will become unstable.
The spanning tree protocol provides the BPDU guard feature to protect the system against such attacks. When edge ports receive configuration BPDUs on a device with BPDU guard enabled, the device performs the following operations:
· Shuts down these ports.
· Notifies the NMS that these ports have been shut down by the spanning tree protocol.
The device reactivates the ports that have been shut down when the port status detection timer expires. You can set this timer by using the shutdown-interval command. For more information about this command, see device management commands in Fundamentals Command Reference.
BPDU guard does not take effect on loopback-testing-enabled ports. For more information about loopback testing, see Ethernet interface configuration in Interface Configuration Guide.
Configure BPDU guard on a device with edge ports configured.
To enable BPDU guard:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable the BPDU guard feature for the device. | stp bpdu-protection | By default, BPDU guard is disabled. |
Enabling root guard
The root bridge and secondary root bridge of a spanning tree should be located in the same MST region. Especially for the CIST, the root bridge and secondary root bridge are put in a high-bandwidth core region during network design. However, due to possible configuration errors or malicious attacks in the network, the legal root bridge might receive a configuration BPDU with a higher priority. Another device supersedes the current legal root bridge, causing an undesired change of the network topology. The traffic that should go over high-speed links is switched to low-speed links, resulting in network congestion.
To prevent this situation, MSTP provides the root guard feature. If root guard is enabled on a port of a root bridge, this port plays the role of designated port on all MSTIs. After this port receives a configuration BPDU with a higher priority from an MSTI, it performs the following operations:
· Immediately sets that port to the listening state in the MSTI.
· Does not forward the received configuration BPDU.
This is equivalent to disconnecting the link connected to this port in the MSTI. If the port receives no BPDUs with a higher priority within twice the forwarding delay, it reverts to its original state.
On a port, the loop guard feature and the root guard feature are mutually exclusive.
Configure root guard on a designated port.
To enable root guard:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Enable the root guard feature. | stp root-protection | By default, root guard is disabled. |
Enabling loop guard
By continuing to receive BPDUs from the upstream device, a device can maintain the state of the root port and blocked ports. However, link congestion or unidirectional link failures might cause these ports to fail to receive BPDUs from the upstream devices. In this situation, the device reselects the following port roles:
· Those ports in forwarding state that failed to receive upstream BPDUs become designated ports.
· The blocked ports transit to the forwarding state.
As a result, loops occur in the switched network. The loop guard feature can suppress the occurrence of such loops.
The initial state of a loop guard-enabled port is discarding in every MSTI. When the port receives BPDUs, it transits its state. Otherwise, it stays in the discarding state to prevent temporary loops.
Do not enable loop guard on a port that connects user terminals. Otherwise, the port stays in the discarding state in all MSTIs because it cannot receive BPDUs.
On a port, the loop guard feature is mutually exclusive with the root guard feature or the edge port setting.
Configure loop guard on the root port and alternate ports of a device.
To enable loop guard:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Enable the loop guard feature for the ports. | stp loop-protection | By default, loop guard is disabled. |
Configuring port role restriction
CAUTION: Use this feature with caution, because enabling port role restriction on a port might affect the connectivity of the spanning tree topology.
The bridge ID change of a device in the user access network might cause a change to the spanning tree topology in the core network. To avoid this problem, you can enable port role restriction on a port. With this feature enabled, when the port receives a superior BPDU, it becomes an alternate port rather than a root port.
Make this configuration on the port that connects to the user access network.
To configure port role restriction:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Enable port role restriction. | stp role-restriction | By default, port role restriction is disabled. |
Configuring TC-BPDU transmission restriction
CAUTION: Enabling TC-BPDU transmission restriction on a port might cause the previous forwarding address table to fail to be updated when the topology changes.
A topology change in the user access network might cause forwarding address changes in the core network. When the user access network topology is unstable, the user access network might affect the core network. To avoid this problem, you can enable TC-BPDU transmission restriction on a port. With this feature enabled, when the port receives a TC-BPDU, it does not forward the TC-BPDU to other ports.
Make this configuration on the port that connects to the user access network.
To configure TC-BPDU transmission restriction:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Enable TC-BPDU transmission restriction. | stp tc-restriction | By default, TC-BPDU transmission restriction is disabled. |
Enabling TC-BPDU guard
When a device receives topology change (TC) BPDUs (the BPDUs that notify devices of topology changes), it flushes its forwarding address entries. If someone uses TC-BPDUs to attack the device, the device will receive a large number of TC-BPDUs within a short time. Then, the device is busy with forwarding address entry flushing. This affects network stability.
TC-BPDU guard allows you to set the maximum number of immediate forwarding address entry flushes performed within 10 seconds after the device receives the first TC-BPDU. For TC-BPDUs received in excess of the limit, the device performs a forwarding address entry flush when the time period expires. This prevents frequent flushing of forwarding address entries. H3C recommends that you enable TC-BPDU guard.
To enable TC-BPDU guard:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable the TC-BPDU guard feature. | stp tc-protection | By default, TC-BPDU guard is enabled. H3C recommends not disabling this feature. |
3. (Optional.) Configure the maximum number of forwarding address entry flushes that the device can perform every 10 seconds. | stp tc-protection threshold number | The default setting is 6. |
Enabling PVST BPDU guard
An MSTP-enabled device forwards PVST BPDUs as data traffic because it cannot recognize PVST BPDUs. If a PVST-enabled device in another independent network receives the PVST BPDUs, a PVST calculation error might occur. To avoid PVST calculation errors, enable PVST BPDU guard on the MSTP-enabled device. The device shuts down a port if the port receives PVST BPDUs.
To enable PVST BPDU guard:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable PVST BPDU guard. | stp pvst-bpdu-protection | By default, PVST BPDU guard is disabled. |
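The protection features above come with rules that are easy to break in a configuration template: BPDU guard belongs on any device with edge ports, loop guard excludes both root guard and the edge port setting on the same port, TC-BPDU guard should stay enabled, and TC Snooping requires the spanning tree feature to be globally disabled. The following audit script is an added example, not H3C code. The command forms `stp edged-port` and `undo stp tc-protection` are assumptions that do not appear in this section, and both sample configurations are constructed.

```python
import re

# Command strings taken from this guide, except where marked as assumptions.
EDGE_PORT = "stp edged-port"              # assumption: edge port command, not shown in this section
ROOT_GUARD = "stp root-protection"
LOOP_GUARD = "stp loop-protection"
BPDU_GUARD = "stp bpdu-protection"
TC_GUARD_OFF = "undo stp tc-protection"   # assumption: undo form of "stp tc-protection"
TC_SNOOPING = "stp tc-snooping"
STP_GLOBAL = "stp global enable"

# Constructed sample configurations (not taken from a real device).
SAMPLE_CONFIG = """\
#
 stp global enable
 undo stp tc-protection
#
interface GigabitEthernet1/0/1
 stp edged-port
#
interface GigabitEthernet1/0/2
 stp root-protection
 stp loop-protection
#
interface GigabitEthernet1/0/3
 stp edged-port
 stp loop-protection
#
interface GigabitEthernet1/0/4
 stp root-protection
#
"""

HARDENED_CONFIG = """\
#
 stp global enable
 stp bpdu-protection
#
interface GigabitEthernet1/0/1
 stp edged-port
#
interface GigabitEthernet1/0/2
 stp root-protection
#
"""


def parse_config(text):
    """Split a configuration into global commands and per-interface command sets."""
    global_cmds, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "#":                      # section separator ends an interface view
            current = None
            continue
        match = re.match(r"interface\s+(.+)$", line)
        if match:
            current = match.group(1)
            interfaces[current] = set()
        elif current is not None and raw[:1].isspace():
            interfaces[current].add(line)    # indented line inside an interface view
        else:
            current = None
            global_cmds.add(line)
    return global_cmds, interfaces


def audit(text):
    """Return (scope, message) findings for the rules stated in this section."""
    global_cmds, interfaces = parse_config(text)
    findings = []
    edge_ports = sorted(p for p, cmds in interfaces.items() if EDGE_PORT in cmds)
    if edge_ports and BPDU_GUARD not in global_cmds:
        findings.append(("global", "edge ports configured but BPDU guard is disabled: "
                         + ", ".join(edge_ports)))
    if TC_GUARD_OFF in global_cmds:
        findings.append(("global", "TC-BPDU guard is disabled"))
    if TC_SNOOPING in global_cmds and STP_GLOBAL in global_cmds:
        findings.append(("global", "TC Snooping requires the spanning tree feature "
                         "to be globally disabled"))
    for port in sorted(interfaces):
        cmds = interfaces[port]
        if LOOP_GUARD in cmds and ROOT_GUARD in cmds:
            findings.append((port, "loop guard and root guard are mutually exclusive"))
        if LOOP_GUARD in cmds and EDGE_PORT in cmds:
            findings.append((port, "loop guard and the edge port setting are mutually exclusive"))
    return findings


if __name__ == "__main__":
    for scope, message in audit(SAMPLE_CONFIG):
        print(f"{scope}: {message}")
```
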
Enabling SNMP notifications for new-root election and topology change events
This task enables the device to generate logs and report new-root election events or spanning tree topology changes to SNMP. For the event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
When you use the snmp-agent trap enable stp [ new-root | tc ] command, follow these guidelines:
· The new-root keyword applies only to STP, MSTP, and RSTP modes.
· The tc keyword applies only to PVST mode.
· In STP, MSTP, or RSTP mode, the snmp-agent trap enable stp command enables SNMP notifications for new-root election events.
· In PVST mode, the snmp-agent trap enable stp command enables SNMP notifications for spanning tree topology changes.
To enable SNMP notifications for new-root election events:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable SNMP notifications for new-root election events. | In STP, MSTP, or RSTP mode, execute either of the following commands: · snmp-agent trap enable stp new-root · snmp-agent trap enable stp | The default settings are as follows: · SNMP notifications are disabled for new-root election events. · In MSTP mode, SNMP notifications are enabled in MSTI 0 and disabled in other MSTIs for spanning tree topology changes. · In PVST mode, SNMP notifications are disabled for spanning tree topology changes in all VLANs. |
3. Enable SNMP notifications for spanning tree topology changes. | In PVST mode, execute either of the following commands: · snmp-agent trap enable stp tc · snmp-agent trap enable stp | |
Displaying and maintaining the spanning tree
Execute display commands in any view and the reset command in user view.
Task | Command |
---|---|
Display information about ports blocked by spanning tree protection features. | display stp abnormal-port |
Display BPDU statistics on ports. | display stp bpdu-statistics [ interface interface-type interface-number [ instance instance-list ] ] |
Display information about ports shut down by spanning tree protection features. | display stp down-port |
Display the port role calculation history for the specified MSTI or all MSTIs. | display stp [ instance instance-list \| vlan vlan-id-list ] history [ slot slot-number ] |
Display the incoming and outgoing TC/TCN BPDU statistics by all ports in the specified MSTI or all MSTIs. | display stp [ instance instance-list \| vlan vlan-id-list ] tc [ slot slot-number ] |
Display the spanning tree status and statistics. | display stp [ instance instance-list \| vlan vlan-id-list ] [ interface interface-list \| slot slot-number ] [ brief ] |
Display the MST region configuration information that has taken effect. | display stp region-configuration |
Display the root bridge information of all MSTIs. | display stp root |
Clear the spanning tree statistics. | reset stp [ interface interface-list ] |
MSTP configuration example
Network requirements
As shown in Figure 32, all devices on the network are in the same MST region. Device A and Device B work at the distribution layer. Device C and the AC work at the access layer.
Configure MSTP so that frames of different VLANs are forwarded along different spanning trees.
· VLAN 10 frames are forwarded along MSTI 1.
· VLAN 30 frames are forwarded along MSTI 3.
· VLAN 40 frames are forwarded along MSTI 4.
· VLAN 20 frames are forwarded along MSTI 0.
VLAN 10 and VLAN 30 are terminated on the distribution layer devices, and VLAN 40 is terminated on the access layer devices. The root bridges of MSTI 1 and MSTI 3 are Device A and Device B, respectively, and the root bridge of MSTI 4 is AC.
Configuration procedure
1. Configure VLANs and VLAN member ports. (Details not shown.)
· Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B.
· Create VLAN 10, VLAN 20, and VLAN 40 on the AC.
· Create VLAN 20, VLAN 30, and VLAN 40 on Device C.
· Configure the ports on these devices as trunk ports and assign them to related VLANs.
2. Configure Device A:
# Enter MST region view, and configure the MST region name as example.
<DeviceA> system-view
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name example
# Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively.
[DeviceA-mst-region] instance 1 vlan 10
[DeviceA-mst-region] instance 3 vlan 30
[DeviceA-mst-region] instance 4 vlan 40
# Configure the revision level of the MST region as 0.
[DeviceA-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
# Configure the current device as the root bridge of MSTI 1.
[DeviceA] stp instance 1 root primary
# Enable the spanning tree feature globally.
[DeviceA] stp global enable
3. Configure Device B:
# Enter MST region view, and configure the MST region name as example.
<DeviceB> system-view
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name example
# Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively.
[DeviceB-mst-region] instance 1 vlan 10
[DeviceB-mst-region] instance 3 vlan 30
[DeviceB-mst-region] instance 4 vlan 40
# Configure the revision level of the MST region as 0.
[DeviceB-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
# Configure the current device as the root bridge of MSTI 3.
[DeviceB] stp instance 3 root primary
# Enable the spanning tree feature globally.
[DeviceB] stp global enable
4. Configure the AC:
# Enter MST region view, and configure the MST region name as example.
<AC> system-view
[AC] stp region-configuration
[AC-mst-region] region-name example
# Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively.
[AC-mst-region] instance 1 vlan 10
[AC-mst-region] instance 3 vlan 30
[AC-mst-region] instance 4 vlan 40
# Configure the revision level of the MST region as 0.
[AC-mst-region] revision-level 0
# Activate MST region configuration.
[AC-mst-region] active region-configuration
[AC-mst-region] quit
# Configure the current device as the root bridge of MSTI 4.
[AC] stp instance 4 root primary
# Enable the spanning tree feature globally.
[AC] stp global enable
5. Configure Device C:
# Enter MST region view, and configure the MST region name as example.
<DeviceC> system-view
[DeviceC] stp region-configuration
[DeviceC-mst-region] region-name example
# Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively.
[DeviceC-mst-region] instance 1 vlan 10
[DeviceC-mst-region] instance 3 vlan 30
[DeviceC-mst-region] instance 4 vlan 40
# Configure the revision level of the MST region as 0.
[DeviceC-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceC-mst-region] active region-configuration
[DeviceC-mst-region] quit
# Enable the spanning tree feature globally.
[DeviceC] stp global enable
Verifying the configuration
In this example, Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0.
When the network is stable, you can use the display stp brief command to display brief spanning tree information on each device.
# Display brief spanning tree information on Device A.
[DeviceA] display stp brief
MST ID Port Role STP State Protection
0 GigabitEthernet1/0/1 ALTE DISCARDING NONE
0 GigabitEthernet1/0/2 DESI FORWARDING NONE
0 GigabitEthernet1/0/3 ROOT FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING NONE
1 GigabitEthernet1/0/3 DESI FORWARDING NONE
3 GigabitEthernet1/0/2 DESI FORWARDING NONE
3 GigabitEthernet1/0/3 ROOT FORWARDING NONE
# Display brief spanning tree information on Device B.
[DeviceB] display stp brief
MST ID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING NONE
0 GigabitEthernet1/0/2 DESI FORWARDING NONE
0 GigabitEthernet1/0/3 DESI FORWARDING NONE
1 GigabitEthernet1/0/2 DESI FORWARDING NONE
1 GigabitEthernet1/0/3 ROOT FORWARDING NONE
3 GigabitEthernet1/0/1 DESI FORWARDING NONE
3 GigabitEthernet1/0/3 DESI FORWARDING NONE
# Display brief spanning tree information on the AC.
[AC] display stp brief
MST ID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING NONE
0 GigabitEthernet1/0/2 ROOT FORWARDING NONE
0 GigabitEthernet1/0/3 DESI FORWARDING NONE
1 GigabitEthernet1/0/1 ROOT FORWARDING NONE
1 GigabitEthernet1/0/2 ALTE DISCARDING NONE
4 GigabitEthernet1/0/3 DESI FORWARDING NONE
# Display brief spanning tree information on Device C.
[DeviceC] display stp brief
MST ID Port Role STP State Protection
0 GigabitEthernet1/0/1 ROOT FORWARDING NONE
0 GigabitEthernet1/0/2 ALTE DISCARDING NONE
0 GigabitEthernet1/0/3 ALTE DISCARDING NONE
3 GigabitEthernet1/0/1 ROOT FORWARDING NONE
3 GigabitEthernet1/0/2 ALTE DISCARDING NONE
4 GigabitEthernet1/0/3 ROOT FORWARDING NONE
Based on the output, you can draw each MSTI mapped to each VLAN, as shown in Figure 33.
Figure 33 MSTIs mapped to different VLANs
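The verification above can also be done mechanically. The following script is an added example, not part of the original guide. It parses the four display stp brief outputs copied from this example, derives the root bridge of each MSTI, and lists the blocked ports. It assumes a single MST region, as in this example, so that the root bridge of an instance is the device that has ports in the instance but no port in the ROOT role.

```python
import re

# "display stp brief" output copied from the verification step of this example.
OUTPUTS = {
    "DeviceA": """\
MST ID Port Role STP State Protection
0 GigabitEthernet1/0/1 ALTE DISCARDING NONE
0 GigabitEthernet1/0/2 DESI FORWARDING NONE
0 GigabitEthernet1/0/3 ROOT FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING NONE
1 GigabitEthernet1/0/3 DESI FORWARDING NONE
3 GigabitEthernet1/0/2 DESI FORWARDING NONE
3 GigabitEthernet1/0/3 ROOT FORWARDING NONE
""",
    "DeviceB": """\
MST ID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING NONE
0 GigabitEthernet1/0/2 DESI FORWARDING NONE
0 GigabitEthernet1/0/3 DESI FORWARDING NONE
1 GigabitEthernet1/0/2 DESI FORWARDING NONE
1 GigabitEthernet1/0/3 ROOT FORWARDING NONE
3 GigabitEthernet1/0/1 DESI FORWARDING NONE
3 GigabitEthernet1/0/3 DESI FORWARDING NONE
""",
    "AC": """\
MST ID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING NONE
0 GigabitEthernet1/0/2 ROOT FORWARDING NONE
0 GigabitEthernet1/0/3 DESI FORWARDING NONE
1 GigabitEthernet1/0/1 ROOT FORWARDING NONE
1 GigabitEthernet1/0/2 ALTE DISCARDING NONE
4 GigabitEthernet1/0/3 DESI FORWARDING NONE
""",
    "DeviceC": """\
MST ID Port Role STP State Protection
0 GigabitEthernet1/0/1 ROOT FORWARDING NONE
0 GigabitEthernet1/0/2 ALTE DISCARDING NONE
0 GigabitEthernet1/0/3 ALTE DISCARDING NONE
3 GigabitEthernet1/0/1 ROOT FORWARDING NONE
3 GigabitEthernet1/0/2 ALTE DISCARDING NONE
4 GigabitEthernet1/0/3 ROOT FORWARDING NONE
""",
}

# Design intent stated in the network requirements and the verification text.
EXPECTED_ROOTS = {0: "DeviceB", 1: "DeviceA", 3: "DeviceB", 4: "AC"}

# A data row starts with the numeric MST ID; the header and prompt lines do not.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_brief(text):
    """Return (instance, port, role, state, protection) tuples from the output."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            rows.append((int(match.group(1)),) + match.groups()[1:])
    return rows


def root_bridges(outputs):
    """Map each MSTI to the devices that have ports in it but no root port."""
    roles = {}                                   # instance -> device -> set of roles
    for device, text in outputs.items():
        for instance, _port, role, _state, _prot in parse_brief(text):
            roles.setdefault(instance, {}).setdefault(device, set()).add(role)
    return {inst: sorted(d for d, seen in devs.items() if "ROOT" not in seen)
            for inst, devs in sorted(roles.items())}


def blocked_ports(outputs):
    """List the (instance, port) pairs in DISCARDING state on each device."""
    return {device: [(i, p) for i, p, _r, state, _x in parse_brief(text)
                     if state == "DISCARDING"]
            for device, text in outputs.items()}


def check_expected(outputs, expected):
    """Compare the elected roots with the design and return mismatch messages."""
    found = root_bridges(outputs)
    return [f"MSTI {inst}: expected root {device}, found {found.get(inst, [])}"
            for inst, device in expected.items() if found.get(inst) != [device]]


if __name__ == "__main__":
    print(root_bridges(OUTPUTS))
    print(blocked_ports(OUTPUTS))
    print(check_expected(OUTPUTS, EXPECTED_ROOTS) or "roots match the design")
```
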
Configuring LLDP
Support for interfaces of different types varies by device model. For more information, see Ethernet interface configuration in Interface Configuration Guide.
Overview
In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration.
The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices. With LLDP, a device sends local device information as TLV (type, length, and value) triplets in LLDP Data Units (LLDPDUs) to the directly connected devices. Local device information includes its system capabilities, management IP address, device ID, port ID, and so on. The device stores the device information in LLDPDUs from the LLDP neighbors in a standard MIB. For more information about MIBs, see Network Management and Monitoring Configuration Guide. LLDP enables a network management system to quickly detect and identify Layer 2 network topology changes.
Basic concepts
LLDP agent
An LLDP agent is a mapping of an entity where LLDP runs. Multiple LLDP agents can run on the same interface.
LLDP agents are divided into the following types:
· Nearest bridge agent.
· Nearest customer bridge agent.
· Nearest non-TPMR bridge agent.
A Two-port MAC Relay (TPMR) is a type of bridge that has only two externally-accessible bridge ports. It supports a subset of the features of a MAC bridge. A TPMR is transparent to all frame-based media-independent protocols except for the following protocols:
· Protocols destined to it.
· Protocols destined to reserved MAC addresses that the relay feature of the TPMR is configured not to forward.
LLDP exchanges packets between neighbor agents and creates and maintains neighbor information for them. Figure 34 shows the neighbor relationships for these LLDP agents. LLDP has two bridge modes: customer bridge (CB) and service bridge (SB).
Figure 34 LLDP neighbor relationships
LLDP frame formats
LLDP sends device information in LLDP frames. LLDP frames are encapsulated in Ethernet II or Subnetwork Access Protocol (SNAP) frames.
· LLDP frame encapsulated in Ethernet II
Figure 35 Ethernet II-encapsulated LLDP frame
Table 11 Fields in an Ethernet II-encapsulated LLDP frame
Field | Description |
---|---|
Destination MAC address | MAC address to which the LLDP frame is advertised. LLDP specifies different multicast MAC addresses as destination MAC addresses for LLDP frames destined for agents of different types. This helps distinguish between LLDP frames sent and received by different agent types on the same interface. The destination MAC address is fixed to one of the following multicast MAC addresses: · 0x0180-C200-000E for LLDP frames destined for nearest bridge agents. · 0x0180-C200-0000 for LLDP frames destined for nearest customer bridge agents. · 0x0180-C200-0003 for LLDP frames destined for nearest non-TPMR bridge agents. |
Source MAC address | MAC address of the sending port. |
Type | Ethernet type for the upper-layer protocol. This field is 0x88CC for LLDP. |
Data | LLDPDU. |
FCS | Frame check sequence, a 32-bit CRC value used to determine the validity of the received Ethernet frame. |
· LLDP frame encapsulated in SNAP
Figure 36 SNAP-encapsulated LLDP frame
Table 12 Fields in a SNAP-encapsulated LLDP frame
Field | Description |
---|---|
Destination MAC address | MAC address to which the LLDP frame is advertised. It is the same as that for Ethernet II-encapsulated LLDP frames. |
Source MAC address | MAC address of the sending port. |
Type | SNAP type for the upper-layer protocol. This field is 0xAAAA-0300-0000-88CC for LLDP. |
Data | LLDPDU. |
FCS | Frame check sequence, a 32-bit CRC value used to determine the validity of the received Ethernet frame. |
LLDPDUs
LLDP uses LLDPDUs to exchange information. An LLDPDU comprises multiple TLVs. Each TLV carries a type of device information, as shown in Figure 37.
Figure 37 LLDPDU encapsulation format
An LLDPDU can carry up to 32 types of TLVs. Mandatory TLVs include Chassis ID TLV, Port ID TLV, and Time to Live TLV. Other TLVs are optional.
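The following parser is an added example, not part of the original guide. It validates an Ethernet II-encapsulated LLDP frame against the fields in Table 11 and walks the TLV sequence of the LLDPDU, rejecting truncated TLVs and frames that lack the mandatory TLVs. The TLV header layout (7-bit type, 9-bit length), the TLV type codes, and the order of the mandatory TLVs come from IEEE 802.1AB, not from this guide. The sample frame is constructed, and SNAP encapsulation and the FCS are not handled.

```python
import struct

# Destination MAC -> agent type, and the Ethernet type, as listed in Table 11.
AGENT_BY_DST = {
    bytes.fromhex("0180c200000e"): "nearest bridge",
    bytes.fromhex("0180c2000000"): "nearest customer bridge",
    bytes.fromhex("0180c2000003"): "nearest non-TPMR bridge",
}
LLDP_ETHERTYPE = 0x88CC
# TLV type codes from IEEE 802.1AB; the guide names the TLVs but not their codes.
END, CHASSIS_ID, PORT_ID, TTL, SYSTEM_NAME = 0, 1, 2, 3, 5


class LLDPError(ValueError):
    """Raised when a frame is not a well-formed LLDP frame."""


def mac_str(raw):
    """Format six bytes in the guide's notation, for example 0180-C200-000E."""
    text = raw.hex().upper()
    return "-".join(text[i:i + 4] for i in (0, 4, 8))


def build_tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length in two bytes, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_tlvs(lldpdu):
    """Walk the TLV sequence and return (type, value) pairs, bounds-checking each TLV."""
    tlvs, offset = [], 0
    while offset < len(lldpdu):
        if offset + 2 > len(lldpdu):
            raise LLDPError("truncated TLV header")
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise LLDPError(f"TLV type {tlv_type} with length {length} overruns the LLDPDU")
        tlvs.append((tlv_type, lldpdu[offset:offset + length]))
        offset += length
        if tlv_type == END:          # anything after End of LLDPDU is padding
            break
    return tlvs


def parse_lldp_frame(frame):
    """Validate an Ethernet II LLDP frame (FCS already stripped) and return key fields."""
    if len(frame) < 14:
        raise LLDPError("frame shorter than an Ethernet II header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != LLDP_ETHERTYPE:
        raise LLDPError(f"Ethernet type 0x{ethertype:04X} is not LLDP")
    if dst not in AGENT_BY_DST:
        raise LLDPError(f"destination {mac_str(dst)} is not an LLDP multicast address")
    tlvs = parse_tlvs(frame[14:])
    # IEEE 802.1AB: the three mandatory TLVs open the LLDPDU in this order.
    if [t for t, _ in tlvs[:3]] != [CHASSIS_ID, PORT_ID, TTL]:
        raise LLDPError("Chassis ID, Port ID and Time to Live TLVs must open the LLDPDU")
    chassis, port, ttl = (value for _, value in tlvs[:3])
    if len(chassis) < 2 or len(port) < 2 or len(ttl) != 2:
        raise LLDPError("mandatory TLV has an invalid length")
    names = [value for t, value in tlvs[3:] if t == SYSTEM_NAME]
    return {
        "agent": AGENT_BY_DST[dst],
        "source": mac_str(src),
        "chassis_id": (chassis[0], chassis[1:]),     # (subtype, value)
        "port_id": (port[0], port[1:]),              # (subtype, value)
        "ttl": struct.unpack("!H", ttl)[0],
        "system_name": names[0].decode("utf-8", "replace") if names else None,
        "tlv_types": [t for t, _ in tlvs],
    }


# Constructed sample frame: nearest bridge agent, Chassis ID subtype 4 (MAC address),
# Port ID subtype 5 (interface name), TTL 120 seconds, System Name, End of LLDPDU.
SAMPLE_FRAME = (
    bytes.fromhex("0180c200000e") + bytes.fromhex("001122334455")
    + struct.pack("!H", LLDP_ETHERTYPE)
    + build_tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("001122334455"))
    + build_tlv(PORT_ID, b"\x05" + b"GigabitEthernet1/0/1")
    + build_tlv(TTL, struct.pack("!H", 120))
    + build_tlv(SYSTEM_NAME, b"DeviceA")
    + build_tlv(END, b"")
)

if __name__ == "__main__":
    print(parse_lldp_frame(SAMPLE_FRAME))
```
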
TLVs
A TLV is an information element that contains the type, length, and value fields.
LLDPDU TLVs include the following categories:
· Basic management TLVs
· Organizationally (IEEE 802.1 and IEEE 802.3) specific TLVs
· LLDP-MED (media endpoint discovery) TLVs
Basic management TLVs are essential to device management.
Organizationally specific TLVs and LLDP-MED TLVs are used for enhanced device management. They are defined by standardization or other organizations and are optional for LLDPDUs.
· Basic management TLVs
Table 13 lists the basic management TLV types. Some of them are mandatory for LLDPDUs.
Table 13 Basic management TLVs
Type | Description | Remarks |
---|---|---|
Chassis ID | Specifies the bridge MAC address of the sending device. | Mandatory. |
Port ID | Specifies the ID of the sending port: · If the LLDPDU carries LLDP-MED TLVs, the port ID TLV carries the MAC address of the sending port. · Otherwise, the port ID TLV carries the port name. | Mandatory. |
Time to Live | Specifies the life of the transmitted information on the receiving device. | Mandatory. |
End of LLDPDU | Marks the end of the TLV sequence in the LLDPDU. | Optional. |
Port Description | Specifies the description for the sending port. | Optional. |
System Name | Specifies the assigned name of the sending device. | Optional. |
System Description | Specifies the description for the sending device. | Optional. |
System Capabilities | Identifies the primary features of the sending device and the enabled primary features. | Optional. |
Management Address | Specifies the following elements: · The management address of the local device. · The interface number and object identifier (OID) associated with the address. | Optional. |
· IEEE 802.1 organizationally specific TLVs
Table 14 IEEE 802.1 organizationally specific TLVs
Type | Description |
---|---|
Port VLAN ID (PVID) | Specifies the port VLAN identifier. |
Port And Protocol VLAN ID (PPVID) | Indicates whether the device supports protocol VLANs and, if so, what VLAN IDs these protocols will be associated with. |
VLAN Name | Specifies the textual name of any VLAN to which the port belongs. |
Protocol Identity | Indicates protocols supported on the port. |
DCBX | Data center bridging exchange protocol. DCBX TLVs are not supported in the current software version. |
EVB module | Edge Virtual Bridging module, including EVB TLV and CDCP TLV. EVB TLVs are not supported in the current software version. |
Link Aggregation | Indicates whether the port supports link aggregation, and if yes, whether link aggregation is enabled. |
Management VID | Management VLAN ID. |
VID Usage Digest | VLAN ID usage digest. |
ETS Configuration | Enhanced Transmission Selection configuration. |
ETS Recommendation | ETS recommendation. |
PFC | Priority-based Flow Control. |
APP | Application protocol. |
QCN | Quantized Congestion Notification. |

NOTE:
· H3C devices support only receiving protocol identity TLVs and VID usage digest TLVs.
· Layer 3 Ethernet ports support only link aggregation TLVs.
· IEEE 802.3 organizationally specific TLVs
Table 15 IEEE 802.3 organizationally specific TLVs
Type | Description |
---|---|
MAC/PHY Configuration/Status | Contains the bit-rate and duplex capabilities of the port, support for autonegotiation, enabling status of autonegotiation, and the current rate and duplex mode. |
Power Via MDI | Contains the power supply capabilities of the port: · Port class (PSE or PD). · Power supply mode. · Whether PSE power supply is supported. · Whether PSE power supply is enabled. · Whether pair selection can be controlled. · Power supply type. · Power source. · Power priority. · PD requested power. · PSE allocated power. |
Maximum Frame Size | Indicates the supported maximum frame size. |
Power Stateful Control | Indicates the power state control configured on the sending port, including the following: · Power supply mode of the PSE/PD. · PSE/PD priority. · PSE/PD power. |
Energy-Efficient Ethernet | Indicates Energy Efficient Ethernet (EEE). |

NOTE: The Power Stateful Control TLV is defined in IEEE P802.3at D1.0 and is not supported in later versions. H3C devices send this type of TLV only after receiving it.
· LLDP-MED TLVs
LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management. LLDP-MED TLVs provide a cost-effective and easy-to-use solution for deploying voice devices in Ethernet. LLDP-MED TLVs are shown in Table 16.
Type | Description |
---|---|
LLDP-MED Capabilities | Allows a network device to advertise the LLDP-MED TLVs that it supports. |
Network Policy | Allows a network device or terminal device to advertise the VLAN ID of a port, the VLAN type, and the Layer 2 and Layer 3 priorities for specific applications. |
Extended Power-via-MDI | Allows a network device or terminal device to advertise power supply capability. This TLV is an extension of the Power Via MDI TLV. |
Hardware Revision | Allows a terminal device to advertise its hardware version. |
Firmware Revision | Allows a terminal device to advertise its firmware version. |
Software Revision | Allows a terminal device to advertise its software version. |
Serial Number | Allows a terminal device to advertise its serial number. |
Manufacturer Name | Allows a terminal device to advertise its vendor name. |
Model Name | Allows a terminal device to advertise its model name. |
Asset ID | Allows a terminal device to advertise its asset ID. The typical case is that the user specifies the asset ID for the endpoint to facilitate directory management and asset tracking. |
Location Identification | Allows a network device to advertise the appropriate location identifier information for a terminal device to use in the context of location-based applications. |

NOTE:
· If the MAC/PHY configuration/status TLV is not advertisable, none of the LLDP-MED TLVs will be advertised even if they are advertisable.
· If the LLDP-MED capabilities TLV is not advertisable, the other LLDP-MED TLVs will not be advertised even if they are advertisable.
Management address
The network management system uses the management address of a device to identify and manage the device for topology maintenance and network management. The management address is encapsulated in the management address TLV.
Working mechanism
LLDP operating modes
An LLDP agent can operate in one of the following modes:
· TxRx mode—An LLDP agent in this mode can send and receive LLDP frames.
· Tx mode—An LLDP agent in this mode can only send LLDP frames.
· Rx mode—An LLDP agent in this mode can only receive LLDP frames.
· Disable mode—An LLDP agent in this mode cannot send or receive LLDP frames.
Each time the LLDP operating mode of an LLDP agent changes, its LLDP protocol state machine reinitializes. A configurable reinitialization delay prevents frequent initializations caused by frequent changes to the operating mode. If you configure the reinitialization delay, an LLDP agent must wait the specified amount of time to initialize LLDP after the LLDP operating mode changes.
Transmitting LLDP frames
An LLDP agent operating in TxRx mode or Tx mode sends LLDP frames to its directly connected devices both periodically and when the local configuration changes. To prevent LLDP frames from overwhelming the network during times of frequent changes to local device information, LLDP uses the token bucket mechanism to rate limit LLDP frames. For more information about the token bucket mechanism, see ACL and QoS Configuration Guide.
LLDP automatically enables the fast LLDP frame transmission mechanism in either of the following cases:
· A new LLDP frame is received and carries device information new to the local device.
· The LLDP operating mode of the LLDP agent changes from Disable or Rx to TxRx or Tx.
The fast LLDP frame transmission mechanism successively sends the specified number of LLDP frames at a configurable fast LLDP frame transmission interval. The mechanism helps LLDP neighbors discover the local device as soon as possible. Then, the normal LLDP frame transmission interval resumes.
Receiving LLDP frames
An LLDP agent operating in TxRx mode or Rx mode confirms the validity of TLVs carried in every received LLDP frame. If the TLVs are valid, the LLDP agent saves the information and starts an aging timer. The initial value of the aging timer is equal to the TTL value in the Time To Live TLV carried in the LLDP frame. When the LLDP agent receives a new LLDP frame, the aging timer restarts. When the aging timer decreases to zero, all saved information ages out.
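The TLV layout and the receive-side checks described above can be followed in code. The Python sketch below is an added example, not H3C code: it splits an LLDPDU into TLVs using the IEEE 802.1AB header (7-bit type, 9-bit length), rejects frames whose mandatory TLVs are missing or out of order, and ages saved neighbor information by the advertised TTL. The class and function names and the sample frame are constructed for illustration.

```python
import struct

# Basic management TLV type codes defined by IEEE 802.1AB.
END, CHASSIS_ID, PORT_ID, TTL, SYSTEM_NAME = 0, 1, 2, 3, 5
MANDATORY = (CHASSIS_ID, PORT_ID, TTL)


class LLDPError(ValueError):
    """The LLDPDU is malformed and must be discarded."""


def parse_tlvs(lldpdu):
    """Split an LLDPDU into a list of (type, value) pairs."""
    tlvs, offset = [], 0
    while offset < len(lldpdu):
        if offset + 2 > len(lldpdu):
            raise LLDPError("truncated TLV header")
        # 16-bit TLV header: 7-bit type followed by 9-bit length.
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise LLDPError(f"TLV type {tlv_type} overruns the LLDPDU")
        if tlv_type == END:
            break  # bytes after End of LLDPDU are padding
        tlvs.append((tlv_type, lldpdu[offset:offset + length]))
        offset += length
    return tlvs


def validate(tlvs):
    """Check the mandatory TLVs and return the advertised TTL in seconds."""
    if tuple(t for t, _ in tlvs[:3]) != MANDATORY:
        raise LLDPError("Chassis ID, Port ID and Time to Live must come first")
    if any(t in MANDATORY for t, _ in tlvs[3:]):
        raise LLDPError("duplicate mandatory TLV")
    chassis, port, ttl = (value for _, value in tlvs[:3])
    # Chassis ID and Port ID carry a 1-byte subtype plus 1 to 255 bytes of ID.
    if not 2 <= len(chassis) <= 256 or not 2 <= len(port) <= 256:
        raise LLDPError("bad Chassis ID or Port ID length")
    if len(ttl) < 2:
        raise LLDPError("Time to Live TLV is too short")
    return struct.unpack("!H", ttl[:2])[0]


class NeighborTable:
    """Saved neighbor information, keyed by (Chassis ID, Port ID)."""

    def __init__(self):
        self._entries = {}  # key -> (expiry time, tlvs)

    def receive(self, lldpdu, now):
        """Validate a received LLDPDU, save it, and (re)start its aging timer."""
        tlvs = parse_tlvs(lldpdu)
        ttl = validate(tlvs)  # raises LLDPError before anything is saved
        key = (tlvs[0][1], tlvs[1][1])
        self._entries[key] = (now + ttl, tlvs)
        return key

    def neighbors(self, now):
        """Drop entries whose aging timer reached zero; return the live keys."""
        self._entries = {k: v for k, v in self._entries.items() if v[0] > now}
        return sorted(self._entries)


def tlv(tlv_type, value):
    """Encode one TLV (used only to build the constructed sample below)."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


# Constructed sample LLDPDU; all values are made up for this example.
SAMPLE = (
    tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("020000000001"))  # subtype 4: MAC
    + tlv(PORT_ID, b"\x05" + b"GigabitEthernet1/0/1")  # subtype 5: interface name
    + tlv(TTL, struct.pack("!H", 121))  # hold multiplier 4 x interval 30 s + 1
    + tlv(SYSTEM_NAME, b"AC")
    + tlv(END, b"")
)

if __name__ == "__main__":
    table = NeighborTable()
    table.receive(SAMPLE, now=0)
    print("live at t=120:", table.neighbors(now=120))
    print("live at t=121:", table.neighbors(now=121))
```

A frame that fails either check raises `LLDPError` before the table is touched, so a malformed LLDPDU cannot refresh or replace an existing neighbor entry.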
Protocols and standards
· IEEE 802.1AB-2005, Station and Media Access Control Connectivity Discovery
· IEEE 802.1AB-2009, Station and Media Access Control Connectivity Discovery
· ANSI/TIA-1057, Link Layer Discovery Protocol for Media Endpoint Devices
· DCB Capability Exchange Protocol Specification Rev 1.00
· DCB Capability Exchange Protocol Base Specification Rev 1.01
· IEEE Std 802.1Qaz-2011, Media Access Control (MAC) Bridges and Virtual Bridged Local Area Networks-Amendment 18: Enhanced Transmission Selection for Bandwidth Sharing Between Traffic Classes
LLDP configuration task list
Tasks at a glance
Performing basic LLDP configurations:
· (Required.) Enabling LLDP
· (Optional.) Setting the LLDP bridge mode
· (Optional.) Setting the LLDP operating mode
· (Optional.) Setting the LLDP reinitialization delay
· (Optional.) Enabling LLDP polling
· (Optional.) Configuring the advertisable TLVs
· (Optional.) Configuring the management address and its encoding format
· (Optional.) Setting other LLDP parameters
· (Optional.) Setting an encapsulation format for LLDP frames
· (Optional.) Disabling LLDP PVID inconsistency check
Performing basic LLDP configurations
Enabling LLDP
To make LLDP take effect on specific ports, you must enable LLDP both globally and on these ports.
To enable LLDP:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable LLDP globally. | lldp global enable | By default, LLDP is enabled globally. |
3. Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface view, or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
4. Enable LLDP. | lldp enable | By default, LLDP is enabled on a port. |
Setting the LLDP bridge mode
The following LLDP bridge modes are available:
· Customer bridge mode—LLDP supports nearest bridge agents, nearest non-TPMR bridge agents, and nearest customer bridge agents. LLDP processes the LLDP frames with destination MAC addresses for these agents and transparently transmits the LLDP frames with other destination MAC addresses in the VLAN.
· Service bridge mode—LLDP supports nearest bridge agents and nearest non-TPMR bridge agents. LLDP processes the LLDP frames with destination MAC addresses for these agents and transparently transmits the LLDP frames with other destination MAC addresses in the VLAN.
To set the LLDP bridge mode:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the LLDP bridge mode to service bridge. | lldp mode service-bridge | By default, LLDP operates in customer bridge mode. |
Setting the LLDP operating mode
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface view, or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Set the LLDP operating mode. | · In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view: · In Layer 2 aggregate interface view: | By default: · The nearest bridge agent operates in txrx mode. · The nearest customer bridge agent and nearest non-TPMR bridge agent operate in disable mode. In Ethernet interface view, if you do not specify an agent type, the command sets the operating mode for nearest bridge agents. In aggregate interface view, you can set the operating mode only for nearest customer bridge agents and nearest non-TPMR bridge agents. |
Setting the LLDP reinitialization delay
When the LLDP operating mode changes on a port, the port initializes the protocol state machines after an LLDP reinitialization delay. By adjusting the delay, you can avoid frequent initializations caused by frequent changes to the LLDP operating mode on a port.
To set the LLDP reinitialization delay for ports:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the LLDP reinitialization delay. | lldp timer reinit-delay delay | The default setting is 2 seconds. |
Enabling LLDP polling
With LLDP polling enabled, a device periodically searches for local configuration changes. When the device detects a configuration change, it sends LLDP frames to inform neighboring devices of the change.
To enable LLDP polling:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface view, or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Enable LLDP polling and set the polling interval. | · In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view: · In Layer 2 aggregate interface view: | By default, LLDP polling is disabled. |
Configuring the advertisable TLVs
Step |
Command |
Remarks |
1. Enter system view. |
system-view |
N/A |
2. Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface view, or Layer 2 aggregate interface view. |
interface interface-type interface-number |
N/A |
3. Configure the advertisable TLVs (in Layer 2 Ethernet interface view). |
· lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv [ ipv6 ] [ ip-address ] } | dot1-tlv { all | port-vlan-id | link-aggregation | protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] | management-vid [ mvlan-id ] } | dot3-tlv { all | mac-physic | max-frame-size | power } | med-tlv { all | capability | inventory | network-policy [ vlan-id ] | power-over-ethernet | location-id { civic-address device-type country-code { ca-type ca-value }&<1-10> | elin-address tel-number } } } · lldp agent nearest-nontpmr tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv [ ipv6 ] [ ip-address ] } | dot1-tlv { all | port-vlan-id | link-aggregation } } · lldp agent nearest-customer tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv [ ipv6 ] [ ip-address ] } | dot1-tlv { all | port-vlan-id | link-aggregation } } |
By default: · Nearest bridge agents can advertise all LLDP TLVs except the location identification, port and protocol VLAN ID, VLAN name, management VLAN ID, and Energy-Efficient Ethernet TLVs. · Nearest customer bridge agents can advertise basic TLVs and IEEE 802.1 organizationally specific TLVs. |
4. Configure the advertisable TLVs (in Layer 3 Ethernet interface view). |
· lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv [ ipv6 ] [ ip-address | interface loopback interface-number ] } | dot1-tlv { all | link-aggregation } | dot3-tlv { all | mac-physic | max-frame-size | power } | med-tlv { all | capability | inventory | power-over-ethernet | location-id { civic-address device-type country-code { ca-type ca-value }&<1-10> | elin-address tel-number } } } · lldp agent { nearest-nontpmr | nearest-customer } tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv [ ipv6 ] [ ip-address ] } | dot1-tlv { all | link-aggregation } } |
By default: · Nearest bridge agents can advertise all types of LLDP TLVs (only link aggregation TLV is supported in 802.1 organizationally specific TLVs) except network policy and Energy-Efficient Ethernet TLVs. · Nearest non-TPMR bridge agents do not advertise TLVs. · Nearest customer bridge agents can advertise basic TLVs and IEEE 802.1 organizationally specific TLVs (only link aggregation TLV is supported). |
5. Configure the advertisable TLVs (in management Ethernet interface view). |
· lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv [ ipv6 ] [ ip-address ] } | dot1-tlv { all | link-aggregation } | dot3-tlv { all | mac-physic | max-frame-size | power } | med-tlv { all | capability | inventory | power-over-ethernet | location-id { civic-address device-type country-code { ca-type ca-value }&<1-10> | elin-address tel-number } } } · lldp agent { nearest-nontpmr | nearest-customer } tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv [ ipv6 ] [ ip-address ] } | dot1-tlv { all | link-aggregation } } |
By default: · Nearest bridge agents can advertise all types of LLDP TLVs (only link aggregation TLV is supported in 802.1 organizationally specific TLVs) except network policy and Energy-Efficient Ethernet TLVs. · Nearest non-TPMR bridge agents do not advertise TLVs. · Nearest customer bridge agents can advertise basic TLVs and IEEE 802.1 organizationally specific TLVs (only link aggregation TLV is supported). |
6. Configure the advertisable TLVs (in Layer 2 aggregate interface view). |
· lldp agent nearest-nontpmr tlv-enable { basic-tlv { all | management-address-tlv [ ipv6 ] [ ip-address ] | port-description | system-capability | system-description | system-name } | dot1-tlv { all | port-vlan-id } } · lldp agent nearest-customer tlv-enable { basic-tlv { all | management-address-tlv [ ipv6 ] [ ip-address ] | port-description | system-capability | system-description | system-name } | dot1-tlv { all | port-vlan-id } } · lldp tlv-enable dot1-tlv { protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] | management-vid [ mvlan-id ] } |
By default, nearest customer bridge agents can advertise basic TLVs and IEEE 802.1 organizationally specific TLVs (only port and protocol VLAN ID, VLAN name, and management VLAN ID TLVs are supported). Nearest bridge agents are not supported on Layer 2 aggregate interfaces. |
Configuring the management address and its encoding format
LLDP encodes management addresses in numeric or string format in management address TLVs.
If a neighbor encodes its management address in string format, set the encoding format of the management address to string on the connecting port. This guarantees normal communication with the neighbor.
To configure a management address to be advertised and its encoding format on a port:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface view, or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Allow LLDP to advertise the management address in LLDP frames and configure the advertised management address. | · In Layer 2 Ethernet interface view or management Ethernet interface view: · In Layer 3 Ethernet interface view: · In Layer 2 aggregate interface view: | By default: · Nearest bridge agents and nearest customer bridge agents can advertise the management address in LLDP frames. · Nearest non-TPMR bridge agents cannot advertise the management address in LLDP frames. |
4. Set the encoding format of the management address to string. | · In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view: · In Layer 2 aggregate interface view: | By default, the encoding format of the management address is numeric. |
Setting other LLDP parameters
The Time to Live TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device.
By setting the TTL multiplier, you can configure the TTL of locally sent LLDPDUs. The TTL is expressed by using the following formula:
TTL = Min (65535, (TTL multiplier × LLDP frame transmission interval + 1))
As the expression shows, the TTL can be up to 65535 seconds. TTLs greater than 65535 will be rounded down to 65535 seconds.
To set LLDP parameters:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the TTL multiplier. | lldp hold-multiplier value | The default setting is 4. |
3. Set the LLDP frame transmission interval. | lldp timer tx-interval interval | The default setting is 30 seconds. |
4. Set the token bucket size for sending LLDP frames. | lldp max-credit credit-value | The default setting is 5. |
5. Set the number of LLDP frames sent each time fast LLDP frame transmission is triggered. | lldp fast-count count | The default setting is 4. |
6. Set the fast LLDP frame transmission interval. | lldp timer fast-interval interval | The default setting is 1 second. |
Setting an encapsulation format for LLDP frames
LLDP frames can be encapsulated in the following formats:
· Ethernet II—With Ethernet II encapsulation configured, an LLDP port sends LLDP frames in Ethernet II frames.
· SNAP—With SNAP encapsulation configured, an LLDP port sends LLDP frames in SNAP frames.
Earlier versions of LLDP require the same encapsulation format on both ends to process LLDP frames. To communicate with a neighboring device that runs an earlier version of LLDP, configure the local device to use the same encapsulation format as the neighbor.
To set the encapsulation format for LLDP frames to SNAP:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface view, or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Set the encapsulation format for LLDP frames to SNAP. | · In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view: · In Layer 2 aggregate interface view: | By default, Ethernet II encapsulation format applies. |
Disabling LLDP PVID inconsistency check
By default, when the system receives an LLDP packet, it compares the PVID value contained in the packet with the PVID configured on the receiving interface. If the two PVIDs do not match, a log message will be printed to notify the user.
You can disable PVID inconsistency check if different PVIDs are required on a link.
To disable LLDP PVID inconsistency check:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Disable LLDP PVID inconsistency check. | lldp ignore-pvid-inconsistency | By default, LLDP PVID inconsistency check is enabled. |
Configuring LLDP trapping and LLDP-MED trapping
LLDP trapping or LLDP-MED trapping notifies the network management system of events such as newly detected neighboring devices and link failures.
To prevent excessive LLDP traps from being sent when the topology is unstable, set a trap transmission interval for LLDP.
To configure LLDP trapping and LLDP-MED trapping:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2/Layer 3 Ethernet interface view, management Ethernet interface view, or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
3. Enable LLDP trapping. | · In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view: · In Layer 2 aggregate interface view: | By default, LLDP trapping is disabled. |
4. Enable LLDP-MED trapping (in Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view). | lldp notification med-topology-change enable | By default, LLDP-MED trapping is disabled. |
5. Return to system view. | quit | N/A |
6. (Optional.) Set the LLDP trap transmission interval. | lldp timer notification-interval interval | The default setting is 30 seconds. |
Displaying and maintaining LLDP
Execute display commands in any view.
Task |
Command |
Display local LLDP information. |
display lldp local-information [ global | interface interface-type interface-number ] |
Display the information contained in the LLDP TLVs sent from neighboring devices. |
display lldp neighbor-information [ [ [ interface interface-type interface-number ] [ agent { nearest-bridge | nearest-customer | nearest-nontpmr } ] [ verbose ] ] | list [ system-name system-name ] ] |
Display LLDP statistics. |
display lldp statistics [ global | [ interface interface-type interface-number ] [ agent { nearest-bridge | nearest-customer | nearest-nontpmr } ] ] |
Display LLDP status of a port. |
display lldp status [ interface interface-type interface-number ] [ agent { nearest-bridge | nearest-customer | nearest-nontpmr } ] |
Display types of advertisable optional LLDP TLVs. |
display lldp tlv-config [ interface interface-type interface-number ] [ agent { nearest-bridge | nearest-customer | nearest-nontpmr } ] |
Basic LLDP configuration example
Network requirements
As shown in Figure 38, configure LLDP on the switch and the AC to monitor the link between them.
Configuration procedure
1. Configure the switch:
# Enable LLDP globally.
<Switch> system-view
[Switch] lldp global enable
# Enable LLDP on GigabitEthernet 1/0/1. By default, LLDP is enabled on ports.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] lldp enable
# Set the LLDP operating mode to Rx on GigabitEthernet 1/0/1.
[Switch-GigabitEthernet1/0/1] lldp admin-status rx
[Switch-GigabitEthernet1/0/1] quit
# Enable LLDP on GigabitEthernet 1/0/2. By default, LLDP is enabled on ports.
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] lldp enable
# Set the LLDP operating mode to Rx on GigabitEthernet 1/0/2.
[Switch-GigabitEthernet1/0/2] lldp admin-status rx
[Switch-GigabitEthernet1/0/2] quit
2. Configure the AC:
# Enable LLDP globally.
<AC> system-view
[AC] lldp global enable
# Enable LLDP on GigabitEthernet 1/0/1. By default, LLDP is enabled on ports.
[AC] interface gigabitethernet 1/0/1
[AC-GigabitEthernet1/0/1] lldp enable
# Set the LLDP operating mode to Tx on GigabitEthernet 1/0/1.
[AC-GigabitEthernet1/0/1] lldp admin-status tx
[AC-GigabitEthernet1/0/1] quit
Verifying the configuration
# Verify that GigabitEthernet 1/0/2 of the switch meets the following conditions:
· The port connects to a neighboring device.
· The port operates in Rx mode, and it can receive LLDP frames but cannot send LLDP frames.
[Switch] display lldp status
Global status of LLDP: Enable
Bridge mode of LLDP: customer-bridge
The current number of LLDP neighbors: 2
The current number of CDP neighbors: 0
LLDP neighbor information last changed time: 0 days, 0 hours, 4 minutes, 40 seconds
Transmit interval : 30s
Fast transmit interval : 1s
Transmit credit max : 5
Hold multiplier : 4
Reinit delay : 2s
Trap interval : 30s
Fast start times : 4
LLDP status information of port 2 [GigabitEthernet1/0/2]:
LLDP agent nearest-bridge:
Port status of LLDP : Enable
Admin status : Rx_Only
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 1
Number of MED neighbors : 0
Number of CDP neighbors : 0
Number of sent optional TLV : 21
Number of received unknown TLV : 3
LLDP agent nearest-nontpmr:
Port status of LLDP : Enable
Admin status : Disable
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 0
Number of MED neighbors : 0
Number of CDP neighbors : 0
Number of sent optional TLV : 1
Number of received unknown TLV : 0
LLDP agent nearest-customer:
Port status of LLDP : Enable
Admin status : Disable
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 0
Number of MED neighbors : 0
Number of CDP neighbors : 0
Number of sent optional TLV : 16
Number of received unknown TLV : 0
# Remove the link between the switch and the AC.
# Verify that GigabitEthernet 1/0/2 of the switch does not connect to any neighboring devices.
[Switch] display lldp status
Global status of LLDP: Enable
The current number of LLDP neighbors: 1
The current number of CDP neighbors: 0
LLDP neighbor information last changed time: 0 days, 0 hours, 5 minutes, 20 seconds
Transmit interval : 30s
Fast transmit interval : 1s
Transmit credit max : 5
Hold multiplier : 4
Reinit delay : 2s
Trap interval : 30s
Fast start times : 4
LLDP status information of port 2 [GigabitEthernet1/0/2]:
LLDP agent nearest-bridge:
Port status of LLDP : Enable
Admin status : Rx_Only
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 0
Number of MED neighbors : 0
Number of CDP neighbors : 0
Number of sent optional TLV : 0
Number of received unknown TLV : 0
LLDP agent nearest-nontpmr:
Port status of LLDP : Enable
Admin status : Disable
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 0
Number of MED neighbors : 0
Number of CDP neighbors : 0
Number of sent optional TLV : 1
Number of received unknown TLV : 0
LLDP agent nearest-customer:
Port status of LLDP : Enable
Admin status : Disable
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 0
Number of MED neighbors : 0
Number of CDP neighbors : 0
Number of sent optional TLV : 16
Number of received unknown TLV : 0
Configuring Layer 2 forwarding
Command and hardware compatibility
The WX1800H series access controllers do not support the slot keyword or the slot-number argument.
Configuring normal Layer 2 forwarding
When an incoming frame's destination MAC address does not match any Layer 3 interface's MAC address, normal Layer 2 forwarding forwards the frame through a Layer 2 interface.
The device uses the destination MAC address of the frame to look for a match in the MAC address table.
· The device forwards the frame out of the outgoing interface in the matching entry if a match is found.
· The device floods the frame to all interfaces in the VLAN of the frame if no match is found.
Configuration procedure
Normal Layer 2 forwarding is enabled by default.
Displaying and maintaining normal Layer 2 forwarding
Execute display commands in any view and reset commands in user view.
Task | Command |
---|---|
Display Layer 2 forwarding statistics. | display mac-forwarding statistics [ interface interface-type interface-number ] |
Clear Layer 2 forwarding statistics. | |
Configuring fast Layer 2 forwarding
Fast Layer 2 forwarding improves packet forwarding efficiency by using a high-speed cache and flow-based technology. It identifies a flow by using the following items:
· Source IP address.
· Source port number.
· Destination IP address.
· Destination port number.
· Protocol number.
· Input interface.
· Output interface.
· VLAN ID.
Fast Layer 2 forwarding creates an entry in a high-speed cache by obtaining the forwarding information of a flow's first packet. Subsequent packets of the flow are forwarded based on the entry.
Configuration procedure
Fast Layer 2 forwarding is enabled by default.
Displaying and maintaining fast Layer 2 forwarding
Execute display commands in any view.
Task | Command |
---|---|
Display IPv4 fast forwarding entries. | display mac-forwarding cache ip [ ip-address ] [ slot slot-number ] |
Display IPv4 fast forwarding entries for fragments. | display mac-forwarding cache ip fragment [ ip-address ] [ slot slot-number ] |
Display IPv6 fast forwarding entries. | display mac-forwarding cache ipv6 [ ipv6-address ] [ slot slot-number ] |
Configuring VLAN termination
Overview
VLAN termination typically processes packets that include VLAN tags. A VLAN termination-enabled interface performs the following tasks when receiving a VLAN-tagged packet:
1. Assigns the packet to an interface according to its VLAN tags.
2. Removes the VLAN tags of the packet.
3. Delivers the packet to Layer 3 forwarding or other processing pipelines.
Before sending the packet, the VLAN termination-enabled interface determines whether to add new VLAN tags to the packet, based on the VLAN termination type.
VLAN termination can also process packets that do not include any VLAN tags.
This document uses the following VLAN tag concepts for a packet that has two or more layers of VLAN tags:
· Layer 1 VLAN tag—Specifies the outermost layer of VLAN tags.
· Layer 2 VLAN tag—Specifies the second outermost layer of VLAN tags.
The VLAN IDs of the packets are numbered in the same manner as the VLAN tags.
VLAN termination types
Type | Types of packets to be terminated on the interface | Tagging status of outgoing packets on the interface |
---|---|---|
Dot1q termination | The packets must meet both of the following requirements: · The packets include one or more layers of VLAN tags. · The outermost VLAN tag matches the configured value. | Single-tagged |
QinQ termination | The packets must meet both of the following requirements: · The packets include two or more layers of VLAN tags. · The outermost two layers of tags match the configured values. | Double-tagged |
Untagged termination | Untagged packets | Untagged |
Default termination | Packets that cannot be processed on any other subinterfaces of the same main interface | Untagged |
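The matching rules in the termination types table can be traced with a small classifier. The Python sketch below is an added example, not device code: it reads the VLAN tags of an Ethernet frame, outermost first, and selects the subinterface that terminates it. The subinterface names, VLAN IDs and frames are constructed, and trying QinQ before Dot1q when a frame could match both is an assumption that the page does not state.

```python
import struct
from dataclasses import dataclass

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers


@dataclass(frozen=True)
class Subinterface:
    name: str         # hypothetical subinterface name
    kind: str         # "dot1q", "qinq", "untagged" or "default"
    vids: tuple = ()  # configured Layer 1 (and, for QinQ, Layer 2) VLAN IDs


def vlan_ids(frame):
    """Return the VLAN IDs carried by an Ethernet frame, outermost first."""
    vids, offset = [], 12  # skip the destination and source MAC addresses
    while offset + 4 <= len(frame):
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in TPIDS:
            break  # reached the EtherType of the payload
        vids.append(tci & 0x0FFF)  # the low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vids


def terminate(frame, subinterfaces):
    """Select the subinterface that terminates the frame, or None.

    Assumption (not stated on the page): the most specific match wins, so
    QinQ termination is tried before Dot1q termination.
    """
    tags = vlan_ids(frame)
    # depth = number of outermost tags that must be present and match.
    for kind, depth in (("qinq", 2), ("dot1q", 1)):
        for sub in subinterfaces:
            if (sub.kind == kind and len(sub.vids) == depth
                    and tuple(tags[:depth]) == sub.vids):
                return sub
    if not tags:
        for sub in subinterfaces:
            if sub.kind == "untagged":
                return sub
    # Default termination takes what no other subinterface can process.
    for sub in subinterfaces:
        if sub.kind == "default":
            return sub
    return None


def egress_vids(sub):
    """VLAN IDs added to packets sent out of the subinterface, outermost first."""
    return sub.vids if sub.kind in ("dot1q", "qinq") else ()


def build_frame(*vids):
    """Constructed test frame: zeroed MAC addresses, the given tags, IPv4 payload."""
    tags = b"".join(struct.pack("!HH", 0x8100, vid) for vid in vids)
    return bytes(12) + tags + struct.pack("!H", 0x0800) + bytes(46)


# Constructed subinterfaces of one main interface.
SUBS = [
    Subinterface("GE1/0/1.1", "dot1q", (10,)),
    Subinterface("GE1/0/1.2", "qinq", (100, 10)),
    Subinterface("GE1/0/1.3", "untagged"),
    Subinterface("GE1/0/1.4", "default"),
]

if __name__ == "__main__":
    for vids in [(10,), (10, 20), (100, 10), (100, 20), (), (30,)]:
        sub = terminate(build_frame(*vids), SUBS)
        print(vids, "->", sub.name, "egress tags:", egress_vids(sub))
```

Frames tagged (100, 20) and (30,) match neither configured subinterface and fall through to the default termination subinterface, which is the set of traffic to review when a default subinterface is configured.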
VLAN termination application scenarios
Inter-VLAN communication
Hosts in different VLANs cannot directly communicate with each other. You can use Layer 3 routing to allow all VLANs to communicate. To restrict communication to the specified VLANs, configure VLAN termination on subinterfaces or VLAN interfaces.
As shown in Figure 39, Host A and Host B are in different VLANs. The two hosts can communicate with each other after you perform the following tasks:
1. Specify 1.1.1.1/24 and 1.1.2.1/24 as the gateway IP addresses for Host A and Host B, respectively.
2. On the device, configure VLAN termination on Layer 3 Ethernet subinterfaces GigabitEthernet 1/0/1.1 and GigabitEthernet 1/0/2.1.
Figure 39 VLAN termination for inter-VLAN communication
LAN-WAN communication
Typically, WAN protocols such as PPP do not recognize VLAN-tagged packets from LANs. Before packets are sent to a WAN, the sending port must locally record the VLAN information and remove VLAN tags from the packets. To do that, configure VLAN termination on subinterfaces or VLAN interfaces.
As shown in Figure 40, a host is located on a customer network and wants to access the WAN network. CVLAN and SVLAN represent the VLAN on the customer network and service provider network, respectively.
To access the WAN network, a packet originating from the host is processed as follows:
1. Layer 2 Switch A adds a CVLAN tag to the packet and sends the packet.
2. Layer 2 Switch B adds an SVLAN tag to the packet on the QinQ-enabled port.
3. The packet is forwarded on the service provider network based on the SVLAN tag.
4. The gateway removes the two layers of VLAN tags from the packet and adds new VLAN tags on the QinQ termination-enabled port.
5. The gateway sends the packet to the WAN network.
Figure 40 VLAN termination enables LAN-WAN communication
Feature and hardware compatibility
The following matrix shows the VLAN termination and hardware compatibility:
Hardware series | Model | VLAN termination compatibility |
---|---|---|
WX1800H series | WX1804H, WX1810H, WX1820H | Yes |
WX2500H series | WX2510H, WX2540H, WX2560H | Yes |
WX3000H series | WX3010H, WX3010H-L, WX3010H-X, WX3024H, WX3024H-L | Yes: WX3010H, WX3024H. No: WX3010H-L, WX3010H-X, WX3024H-L |
WX3500H series | WX3508H, WX3510H, WX3520H, WX3540H | No |
WX5500E series | WX5510E, WX5540E | No |
WX5500H series | WX5540H, WX5560H, WX5580H | No |
Access controller modules | EWPXM1MAC0F, EWPXM2WCMD0F, LSQM1WCMX20, LSQM1WCMX40, LSUM1WCME0, LSUM1WCMX20RT, LSUM1WCMX40RT | No |
Configuration restrictions and guidelines
When you configure VLAN termination, follow these restrictions and guidelines:
· On a portal-enabled interface, log off all portal users before you change the VLAN termination type, for example, from Dot1q termination to QinQ termination. Any portal users who remain online after the change cannot be logged off or reauthenticated. For more information about portal authentication, see Security Configuration Guide.
· A main interface cannot terminate VLAN-tagged packets. To terminate VLAN-tagged packets, you can create subinterfaces for the main interface.
· Layer 3 Ethernet subinterfaces and VLAN interfaces can terminate the following packets:
  ◦ Packets with matching Layer 1 VLAN IDs.
  ◦ Packets with matching Layer 1 and Layer 2 VLAN IDs.
A VLAN interface can terminate only the packets whose Layer 1 VLAN ID is numbered the same as the VLAN interface. For example, VLAN-interface 10 can terminate only the packets that have Layer 1 VLAN tag 10.
· After you modify the VLAN termination configuration for a Layer 3 Ethernet subinterface, the subinterface automatically restarts. All dynamic ARP table entries for the subinterface are deleted.
· When a main interface bound to a VLAN interface receives a VLAN-tagged packet, the main interface processes the packet according to the VLAN interface configuration.
After you configure VLAN termination, the system finds an interface for a received packet in the following order:
· Subinterface configured with QinQ termination.
· Subinterface configured with Dot1q termination, or subinterface that supports Dot1q termination by default.
· Subinterface configured with untagged termination.
· Subinterface configured with default termination.
· Main interface.
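The lookup order above, modeled as an added example (not H3C code): the function reads the VLAN tag stack from raw Ethernet frame bytes and returns the subinterface that would terminate the frame. The subinterface names, the sample frames, and the recognized TPIDs are assumptions; an unmatched tagged frame returns None, following the restriction that a main interface cannot terminate VLAN-tagged packets.

```python
import struct
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Sequence, Tuple

# Assumption: tags are recognized by the standard TPIDs 0x8100 (802.1Q) and
# 0x88A8 (802.1ad). The TPID a given device accepts may differ.
TPIDS = (0x8100, 0x88A8)


@dataclass(frozen=True)
class Subif:
    name: str                                # hypothetical subinterface name
    kind: str                                # "qinq", "dot1q", "untagged" or "default"
    outer: FrozenSet[int] = frozenset()      # permitted Layer 1 VLAN IDs
    inner: Optional[FrozenSet[int]] = None   # permitted Layer 2 VLAN IDs; None = any


def vlan_stack(frame: bytes) -> List[int]:
    """Return the VLAN IDs of a frame, outermost (Layer 1) first."""
    ids: List[int] = []
    off = 12                                 # skip destination and source MAC
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, off)
        if ethertype not in TPIDS:
            return ids
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        ids.append(tci & 0x0FFF)             # drop PCP and DEI bits, keep the VLAN ID
        off += 4


def classify(frame: bytes, subifs: Sequence[Subif], main: str = "main") -> Optional[str]:
    """Pick the terminating interface in the documented order."""
    stack = vlan_stack(frame)

    def first(kind, pred):
        return next((s.name for s in subifs if s.kind == kind and pred(s)), None)

    hit = None
    if len(stack) >= 2:                      # 1. QinQ termination
        hit = first("qinq", lambda s: stack[0] in s.outer
                    and (s.inner is None or stack[1] in s.inner))
    if hit is None and stack:                # 2. Dot1q termination (outermost tag only)
        hit = first("dot1q", lambda s: stack[0] in s.outer)
    if hit is None and not stack:            # 3. Untagged termination
        hit = first("untagged", lambda s: True)
    if hit is None:                          # 4. Default termination
        hit = first("default", lambda s: True)
    if hit is None and not stack:            # 5. Main interface (untagged frames only)
        hit = main
    return hit


def build_frame(tags: Sequence[Tuple[int, int]], pcp: int = 0) -> bytes:
    """Constructed sample frame: zeroed MACs, the given (TPID, VLAN ID) tags, IPv4 payload."""
    out = bytes(12)
    for tpid, vid in tags:
        out += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return out + struct.pack("!H", 0x0800) + bytes(46)


# Constructed subinterface set under one main interface.
SUBIFS = [
    Subif("GigabitEthernet1/0/1.10", "qinq", frozenset({100}), frozenset({11, 12, 13})),
    Subif("GigabitEthernet1/0/1.20", "dot1q", frozenset({100})),
    Subif("GigabitEthernet1/0/1.30", "untagged"),
    Subif("GigabitEthernet1/0/1.40", "default"),
]

if __name__ == "__main__":
    samples = {
        "S-tag 100 / C-tag 12": [(0x88A8, 100), (0x8100, 12)],
        "tag 100 / tag 99": [(0x8100, 100), (0x8100, 99)],
        "tag 100": [(0x8100, 100)],
        "untagged": [],
        "tag 200": [(0x8100, 200)],
    }
    for label, tags in samples.items():
        print(f"{label:22} -> {classify(build_frame(tags), SUBIFS)}")
```

In this model, a double-tagged frame whose inner VLAN ID is outside the QinQ range is still accepted by a Dot1q subinterface that matches the outermost tag, which is worth checking when you review what each subinterface admits.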
VLAN termination configuration task list
Tasks at a glance
(Required.) Perform one of the following tasks:
· Configuring Dot1q termination
  ◦ Configuring ambiguous Dot1q termination
  ◦ Configuring unambiguous Dot1q termination
· Configuring QinQ termination
  ◦ Configuring ambiguous QinQ termination
  ◦ Configuring unambiguous QinQ termination
(Optional.) Enabling a VLAN termination-enabled interface to transmit broadcasts and multicasts
Configuring Dot1q termination
Based on the range of outermost VLAN IDs in the VLAN-tagged packets that can be terminated by a subinterface, the following types of Dot1q termination are available:
· Ambiguous Dot1q termination—Terminates VLAN-tagged packets whose outermost VLAN IDs are in the specified range. Any other VLAN-tagged packets are not allowed to pass through this subinterface.
When the subinterface receives a packet, it removes the outermost layer of tags from the packet. When the subinterface sends a packet, it tags the packet with a VLAN ID as follows:
  ◦ For a PPPoE packet, the VLAN ID is obtained by searching the PPPoE session entries.
  ◦ For a DHCP relay packet, the VLAN ID is obtained by searching the DHCP session entries.
  ◦ For an IPv4 packet, the VLAN ID is obtained by searching the ARP entries.
· Unambiguous Dot1q termination—Terminates only VLAN-tagged packets whose outermost VLAN ID matches the specified VLAN ID. Any other VLAN-tagged packets are not allowed to pass through this subinterface.
When the subinterface receives a packet, it removes the outermost VLAN tag of the packet.
When the subinterface sends a packet, it tags the packet with the specified VLAN ID.
Configuring ambiguous Dot1q termination
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 3 Ethernet subinterface view. | interface interface-type interface-number.subnumber | N/A |
3. Configure ambiguous Dot1q termination. | vlan-type dot1q vid vlan-id-list | By default, Dot1q termination is disabled on a subinterface. |
Configuring unambiguous Dot1q termination
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 3 Ethernet subinterface view. | interface interface-type interface-number.subnumber | N/A |
3. Configure unambiguous Dot1q termination. | vlan-type dot1q vid vlan-id | By default, Dot1q termination is disabled on a subinterface. |
Configuring QinQ termination
QinQ termination allows only packets that include specific VLAN tags to pass through the subinterface or VLAN interface. The following types of QinQ termination are available:
· Ambiguous QinQ termination—Terminates QinQ packets whose outermost two layers of VLAN IDs are in the specified range.
When the subinterface or VLAN interface receives a packet, it removes the outermost two layers of VLAN tags of the packet.
When the subinterface or VLAN interface sends a packet, it tags the packet with the outermost two layers of VLAN IDs, which are determined as follows:
  ◦ For a PPPoE packet, the outermost two layers of VLAN IDs are obtained by searching the PPPoE session entries.
  ◦ For a DHCP relay packet, the outermost two layers of VLAN IDs are obtained by searching the DHCP relay entries.
  ◦ For an IPv4 packet, the outermost two layers of VLAN IDs are obtained by searching the ARP entries.
· Unambiguous QinQ termination—Terminates QinQ packets whose outermost two layers of VLAN IDs match the specified values.
When the subinterface or VLAN interface receives a packet, it removes the two layers of VLAN tags of the packet.
When the subinterface or VLAN interface sends the packet, it tags the packet with two layers of VLAN tags as specified.
Configuring ambiguous QinQ termination
Configuring ambiguous QinQ termination by specifying the outermost two layers of VLAN IDs
When you configure ambiguous QinQ termination by using this method, follow these restrictions and guidelines:
· If you specify the same Layer 1 VLAN ID for multiple subinterfaces under a main interface, the Layer 2 VLAN IDs specified for them must be different. However, if you specify different Layer 1 VLAN IDs for the subinterfaces, the Layer 2 VLAN IDs specified for the subinterfaces are not required to be different.
· Subinterfaces under different main interfaces can terminate VLAN-tagged packets with the same Layer 1 and Layer 2 VLAN IDs.
· When you use the vlan-type dot1q vid second-dot1q command to configure ambiguous QinQ termination multiple times, one of the following conditions occurs:
  ◦ If the most recently specified Layer 1 ID is the same as the current Layer 1 ID, the specified Layer 2 IDs in both configurations take effect.
  ◦ If the most recently specified Layer 1 ID is different from the current Layer 1 ID, you must first delete the old configuration.
To configure ambiguous QinQ termination:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 3 Ethernet subinterface view. | interface interface-type interface-number.subnumber | N/A |
3. Configure ambiguous QinQ termination by specifying the outermost two layers of VLAN IDs. | vlan-type dot1q vid vlan-id-list second-dot1q { vlan-id-list \| any } | By default, QinQ termination is disabled on an interface. |
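The first two restrictions above can be checked offline against a saved configuration. This added example (not H3C tooling) parses `vlan-type dot1q vid ... second-dot1q ...` lines per subinterface and reports pairs of subinterfaces under the same main interface that share both a Layer 1 and a Layer 2 VLAN ID. The sample configuration is constructed, the 1 to 4094 VLAN ID bound is an assumption, and `second-dot1q any` is parsed but not evaluated because the page does not say how it interacts with explicit lists.

```python
import re
from itertools import combinations
from typing import List, NamedTuple, Optional, Set, Tuple

IF_RE = re.compile(r"^interface\s+(.+)\.(\d+)$", re.IGNORECASE)
QINQ_RE = re.compile(r"^vlan-type dot1q vid (.+) second-dot1q (.+)$")


class QinqRule(NamedTuple):
    main: str                   # normalized main interface name
    sub: str                    # subinterface number
    outer: Set[int]             # Layer 1 VLAN IDs
    inner: Optional[Set[int]]   # Layer 2 VLAN IDs; None for "second-dot1q any"


def parse_vlan_list(text: str) -> Set[int]:
    """Expand a VLAN ID list such as '11 to 13 100' into {11, 12, 13, 100}."""
    tokens = text.split()
    ids: Set[int] = set()
    i = 0
    while i < len(tokens):
        lo = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            hi = int(tokens[i + 2])
            i += 3
        else:
            hi = lo
            i += 1
        if not 1 <= lo <= hi <= 4094:   # assumed valid VLAN ID range
            raise ValueError(f"bad VLAN range {lo} to {hi}")
        ids.update(range(lo, hi + 1))
    return ids


def parse_rules(config: str) -> List[QinqRule]:
    """Collect QinQ termination rules from subinterface sections of a config."""
    rules: List[QinqRule] = []
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            m = IF_RE.match(line)
            # Only subinterfaces (name.subnumber) are tracked.
            current = (m.group(1).replace(" ", "").lower(), m.group(2)) if m else None
            continue
        if line == "#":                 # section separator in the saved configuration
            current = None
            continue
        m = QINQ_RE.match(line)
        if m and current:
            inner_text = m.group(2).strip()
            inner = None if inner_text == "any" else parse_vlan_list(inner_text)
            rules.append(QinqRule(current[0], current[1],
                                  parse_vlan_list(m.group(1)), inner))
    return rules


def find_conflicts(rules: List[QinqRule]) -> List[Tuple[str, str, str, List[int], List[int]]]:
    """Return (main, sub_a, sub_b, shared Layer 1 IDs, shared Layer 2 IDs)."""
    out = []
    for a, b in combinations(rules, 2):
        if a.main != b.main or a.sub == b.sub:
            continue                    # different main interfaces may reuse IDs
        if a.inner is None or b.inner is None:
            continue                    # "any" is left for manual review
        outer = a.outer & b.outer
        inner = a.inner & b.inner
        if outer and inner:
            out.append((a.main, a.sub, b.sub, sorted(outer), sorted(inner)))
    return out


# Constructed sample configuration.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1.10
 ip address 1.1.1.11 255.255.255.0
 vlan-type dot1q vid 100 second-dot1q 11 to 13
#
interface GigabitEthernet1/0/1.20
 vlan-type dot1q vid 100 second-dot1q 13 to 20
#
interface GigabitEthernet1/0/1.30
 vlan-type dot1q vid 200 second-dot1q 11 to 13
#
interface GigabitEthernet1/0/1.40
 vlan-type dot1q vid 300 second-dot1q any
#
interface GigabitEthernet2/0/1.10
 vlan-type dot1q vid 100 second-dot1q 11 to 13
#
"""

if __name__ == "__main__":
    for main, a, b, outer, inner in find_conflicts(parse_rules(SAMPLE_CONFIG)):
        print(f"{main}: .{a} and .{b} overlap on Layer 1 {outer}, Layer 2 {inner}")
```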
Configuring ambiguous QinQ termination by specifying the Layer 2 VLAN IDs
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter VLAN interface view. | interface vlan-interface interface-number | N/A |
3. Configure ambiguous QinQ termination by specifying the Layer 2 VLAN IDs. | second-dot1q { vlan-id-list \| any } | By default, QinQ termination is disabled on an interface. The Layer 1 VLAN ID of the VLAN-tagged packets that can be terminated by the subinterface or VLAN interface is the number of the subinterface or VLAN interface. This Layer 1 VLAN ID is not configurable. |

NOTE: After you enable ambiguous QinQ termination on a VLAN interface, Layer 2 Ethernet interfaces bound to the VLAN interface operate as follows:
· Process only packets that match the ambiguous QinQ termination configuration of the VLAN interface.
· Drop any other packets sent to the VLAN interface.
Configuring unambiguous QinQ termination
Configuring unambiguous QinQ termination by specifying the outermost two layers of VLAN IDs
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 3 Ethernet subinterface view. | interface interface-type interface-number.subnumber | N/A |
3. Configure unambiguous QinQ termination by specifying the outermost two layers of VLAN IDs. | vlan-type dot1q vid vlan-id second-dot1q vlan-id | By default, QinQ termination is disabled on an interface. |
Configuring unambiguous QinQ termination by specifying the Layer 2 VLAN ID
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter VLAN interface view. | interface vlan-interface interface-number | N/A |
3. Configure unambiguous QinQ termination by specifying the Layer 2 VLAN ID. | second-dot1q vlan-id | By default, QinQ termination is disabled on an interface. The Layer 1 VLAN ID of the VLAN-tagged packets that can be terminated by the subinterface or VLAN interface is the number of the subinterface or VLAN interface. This Layer 1 VLAN ID is not configurable. |

NOTE: After you enable unambiguous QinQ termination on a VLAN interface, Layer 2 Ethernet interfaces bound to the VLAN interface operate as follows:
· Process only packets that match the unambiguous QinQ termination configuration of the VLAN interface.
· Drop any other packets sent to the VLAN interface.
Configuring untagged termination
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 3 Ethernet subinterface view. | interface interface-type interface-number.subnumber | N/A |
3. Configure untagged termination. | vlan-type dot1q untagged | By default, untagged termination is disabled on a subinterface. |
Configuring default termination
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 3 Ethernet subinterface view. | interface interface-type interface-number.subnumber | N/A |
3. Configure default termination. | vlan-type dot1q default | By default, default termination is disabled on a subinterface. |
Enabling a VLAN termination-enabled interface to transmit broadcasts and multicasts
This function enables ambiguous Dot1q or QinQ termination-enabled interfaces to transmit broadcasts and multicasts.
To enable a VLAN termination-enabled interface to transmit broadcasts and multicasts:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | · Enter Layer 3 Ethernet subinterface view: · Enter VLAN interface view: | N/A |
3. Enable the interface to transmit broadcasts and multicasts. | vlan-termination broadcast enable | By default, an ambiguous Dot1q or QinQ termination-enabled interface does not transmit broadcasts and multicasts. |
VLAN termination configuration examples
Unambiguous Dot1q termination configuration example
Network requirements
As shown in Figure 41, configure unambiguous Dot1q termination on subinterfaces of the device to implement intra-VLAN and inter-VLAN communications between hosts.
Configuration procedure
IMPORTANT: The vlan-type dot1q vid command is required for devices that support it, because an Ethernet subinterface can be activated and transmit packets only after it is associated with VLANs.
1. Configure Host A, Host B, Host C, and Host D:
# On Host A, specify 1.1.1.1/8 and 1.0.0.1/8 as its IP address and gateway IP address, respectively. (Details not shown.)
# On Host B, specify 2.2.2.2/8 and 2.0.0.1/8 as its IP address and gateway IP address, respectively. (Details not shown.)
# On Host C, specify 3.3.3.3/8 and 3.0.0.1/8 as its IP address and gateway IP address, respectively. (Details not shown.)
# On Host D, specify 4.4.4.4/8 and 4.0.0.1/8 as its IP address and gateway IP address, respectively. (Details not shown.)
2. Configure Layer 2 Switch A:
# Create VLAN 10.
<L2_SwitchA> system-view
[L2_SwitchA] vlan 10
# Assign GigabitEthernet 1/0/2 to VLAN 10.
[L2_SwitchA-vlan10] port gigabitethernet 1/0/2
[L2_SwitchA-vlan10] quit
# Create VLAN 20.
[L2_SwitchA] vlan 20
# Assign GigabitEthernet 1/0/3 to VLAN 20.
[L2_SwitchA-vlan20] port gigabitethernet 1/0/3
[L2_SwitchA-vlan20] quit
# Configure GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLANs 10 and 20.
[L2_SwitchA] interface gigabitethernet 1/0/1
[L2_SwitchA-GigabitEthernet1/0/1] port link-type trunk
[L2_SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 10 20
3. Configure Layer 2 Switch B in the same way you configure Layer 2 Switch A. (Details not shown.)
4. Configure the AC:
# Create GigabitEthernet 1/0/1.10, and assign an IP address to this interface.
<AC> system-view
[AC] interface gigabitethernet 1/0/1.10
[AC-GigabitEthernet1/0/1.10] ip address 1.0.0.1 255.0.0.0
# Configure GigabitEthernet 1/0/1.10 to terminate packets tagged with VLAN 10.
[AC-GigabitEthernet1/0/1.10] vlan-type dot1q vid 10
[AC-GigabitEthernet1/0/1.10] quit
# Create GigabitEthernet 1/0/1.20, and assign an IP address to this interface.
[AC] interface gigabitethernet 1/0/1.20
[AC-GigabitEthernet1/0/1.20] ip address 2.0.0.1 255.0.0.0
# Configure GigabitEthernet 1/0/1.20 to terminate packets tagged with VLAN 20.
[AC-GigabitEthernet1/0/1.20] vlan-type dot1q vid 20
[AC-GigabitEthernet1/0/1.20] quit
# Configure GigabitEthernet 2/0/1.10, and assign an IP address to this interface.
[AC] interface gigabitethernet 2/0/1.10
[AC-GigabitEthernet2/0/1.10] ip address 3.0.0.1 255.0.0.0
# Configure GigabitEthernet 2/0/1.10 to terminate packets tagged with VLAN 10.
[AC-GigabitEthernet2/0/1.10] vlan-type dot1q vid 10
[AC-GigabitEthernet2/0/1.10] quit
# Configure GigabitEthernet 2/0/1.20, and assign an IP address to this interface.
[AC] interface gigabitethernet 2/0/1.20
[AC-GigabitEthernet2/0/1.20] ip address 4.0.0.1 255.0.0.0
# Configure GigabitEthernet 2/0/1.20 to terminate packets tagged with VLAN 20.
[AC-GigabitEthernet2/0/1.20] vlan-type dot1q vid 20
[AC-GigabitEthernet2/0/1.20] quit
Verifying the configuration
# Verify that Host A, Host B, Host C, and Host D can ping each other. (Details not shown.)
Ambiguous Dot1q termination configuration example
Network requirements
As shown in Figure 42, configure ambiguous Dot1q termination, so that hosts in different VLANs can communicate with the server group.
Configuration procedure
In this example, Layer 2 Switch B uses the factory configuration.
1. Configure Host A, Host B, and Host C:
# Assign 1.1.1.1/24, 1.1.1.2/24, and 1.1.1.3/24 to Host A, Host B, and Host C, respectively. (Details not shown.)
# Specify 1.1.1.11/24 as the gateway IP address for the hosts. (Details not shown.)
2. Configure Layer 2 Switch A:
# Create VLAN 11.
<L2_SwitchA> system-view
[L2_SwitchA] vlan 11
# Assign GigabitEthernet 1/0/1 to VLAN 11.
[L2_SwitchA-vlan11] port gigabitethernet 1/0/1
[L2_SwitchA-vlan11] quit
# Create VLAN 12.
[L2_SwitchA] vlan 12
# Assign GigabitEthernet 1/0/2 to VLAN 12.
[L2_SwitchA-vlan12] port gigabitethernet 1/0/2
[L2_SwitchA-vlan12] quit
# Create VLAN 13.
[L2_SwitchA] vlan 13
# Assign GigabitEthernet 1/0/3 to VLAN 13.
[L2_SwitchA-vlan13] port gigabitethernet 1/0/3
[L2_SwitchA-vlan13] quit
# Configure GigabitEthernet 1/0/7 as a trunk port, and assign the port to VLANs 11 through 13.
[L2_SwitchA] interface gigabitethernet 1/0/7
[L2_SwitchA-GigabitEthernet1/0/7] port link-type trunk
[L2_SwitchA-GigabitEthernet1/0/7] port trunk permit vlan 11 to 13
3. Configure the AC:
# Create Ethernet subinterface GigabitEthernet 1/0/1.10, and assign an IP address to the subinterface.
<AC> system-view
[AC] interface gigabitethernet 1/0/1.10
[AC-GigabitEthernet1/0/1.10] ip address 1.1.1.11 255.255.255.0
# Enable Dot1q termination on GigabitEthernet 1/0/1.10 to terminate VLAN-tagged packets whose Layer 1 VLAN IDs are 11, 12, or 13.
[AC-GigabitEthernet1/0/1.10] vlan-type dot1q vid 11 to 13
# Enable GigabitEthernet 1/0/1.10 to transmit broadcasts and multicasts.
[AC-GigabitEthernet1/0/1.10] vlan-termination broadcast enable
[AC-GigabitEthernet1/0/1.10] quit
# Configure an IP address for GigabitEthernet 1/0/2.
[AC] interface gigabitethernet 1/0/2
[AC-GigabitEthernet1/0/2] ip address 1.1.2.11 255.255.255.0
4. Configure the server group:
# Assign each device in the server group an IP address on the network segment 1.1.2.0/24. (Details not shown.)
# Specify 1.1.2.11/24 as the gateway IP address for the server group. (Details not shown.)
Verifying the configuration
# Verify that Host A, Host B, and Host C can ping the device in the server group. (Details not shown.)
Configuration example for Dot1q termination supporting PPPoE server
Network requirements
As shown in Figure 43, the AC acts as a PPPoE server. Hosts in different VLANs access the Internet through the PPPoE server.
Configure Dot1q termination so that hosts in different VLANs can access the Internet.
Configuration procedure
# Configure VLANs and Dot1q termination. For the configuration procedure, see "Ambiguous Dot1q termination configuration example." (Details not shown.)
# Configure the AC as the PPPoE server. Configure PPPoE settings on GigabitEthernet 1/0/1.10 on the AC. For more information about the PPPoE configuration, see Layer 2—WAN Configuration Guide. (Details not shown.)
Unambiguous QinQ termination configuration example
Network requirements
As shown in Figure 44:
· Layer 2 Switch C supports only single VLAN-tagged packets.
· On Layer 2 Switch B, QinQ is enabled on GigabitEthernet 1/0/2 to add SVLAN tag 100 to packets with CVLAN ID 11.
Configure unambiguous QinQ termination so that Host A can communicate with Host B.
Configuration procedure
In this example, Layer 2 Switch C uses the factory configuration.
1. Configure Host A and Host B:
# On Host A, specify 1.1.1.1/24 and 1.1.1.11/24 as its IP address and gateway IP address, respectively. (Details not shown.)
# On Host B, specify 1.1.2.1/24 and 1.1.2.11/24 as its IP address and gateway IP address, respectively. (Details not shown.)
2. Configure Layer 2 Switch A:
# Create VLAN 11.
<L2_SwitchA> system-view
[L2_SwitchA] vlan 11
# Assign GigabitEthernet 1/0/2 to VLAN 11.
[L2_SwitchA-vlan11] port gigabitethernet 1/0/2
[L2_SwitchA-vlan11] quit
# Configure GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 11.
[L2_SwitchA] interface gigabitethernet 1/0/1
[L2_SwitchA-GigabitEthernet1/0/1] port link-type trunk
[L2_SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 11
3. Configure Layer 2 Switch B:
# Configure GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 11 and VLAN 100.
<L2_SwitchB> system-view
[L2_SwitchB] interface gigabitethernet 1/0/2
[L2_SwitchB-GigabitEthernet1/0/2] port link-type trunk
[L2_SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 11 100
# Set the PVID of GigabitEthernet 1/0/2 to VLAN 100.
[L2_SwitchB-GigabitEthernet1/0/2] port trunk pvid vlan 100
# Enable QinQ on GigabitEthernet 1/0/2.
[L2_SwitchB-GigabitEthernet1/0/2] qinq enable
[L2_SwitchB-GigabitEthernet1/0/2] quit
# Configure GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 100.
[L2_SwitchB] interface gigabitethernet 1/0/1
[L2_SwitchB-GigabitEthernet1/0/1] port link-type trunk
[L2_SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 100
4. Configure the AC:
# Create Ethernet subinterface GigabitEthernet 1/0/1.10, and assign an IP address to the subinterface.
<AC> system-view
[AC] interface gigabitethernet 1/0/1.10
[AC-GigabitEthernet1/0/1.10] ip address 1.1.1.11 255.255.255.0
# Enable QinQ termination on GigabitEthernet 1/0/1.10 to terminate the VLAN-tagged packets with the Layer 1 VLAN ID 100 and the Layer 2 VLAN ID 11.
[AC-GigabitEthernet1/0/1.10] vlan-type dot1q vid 100 second-dot1q 11
[AC-GigabitEthernet1/0/1.10] quit
# Assign an IP address to GigabitEthernet 1/0/2.
[AC] interface gigabitethernet 1/0/2
[AC-GigabitEthernet1/0/2] ip address 1.1.2.11 255.255.255.0
Verifying the configuration
# Verify that Host A and Host B can ping each other. (Details not shown.)
Ambiguous QinQ termination configuration example
Network requirements
As shown in Figure 45, QinQ is enabled on GigabitEthernet 1/0/2 of Layer 2 Switch B.
Configure ambiguous QinQ termination, so that hosts can communicate with the server group.
Configuration procedure
In this example, Layer 2 Switch C uses the factory configuration.
1. Configure Host A, Host B, and Host C:
# Assign IP addresses 1.1.1.1/24, 1.1.1.2/24, and 1.1.1.3/24 to Host A, Host B, and Host C, respectively. (Details not shown.)
# Specify 1.1.1.11/24 as the gateway address for the hosts. (Details not shown.)
2. Configure Layer 2 Switch A:
# Create VLAN 11.
<L2_SwitchA> system-view
[L2_SwitchA] vlan 11
# Assign GigabitEthernet 1/0/1 to VLAN 11.
[L2_SwitchA-vlan11] port gigabitethernet 1/0/1
[L2_SwitchA-vlan11] quit
# Create VLAN 12.
[L2_SwitchA] vlan 12
# Assign GigabitEthernet 1/0/2 to VLAN 12.
[L2_SwitchA-vlan12] port gigabitethernet 1/0/2
[L2_SwitchA-vlan12] quit
# Create VLAN 13.
[L2_SwitchA] vlan 13
# Assign GigabitEthernet 1/0/3 to VLAN 13.
[L2_SwitchA-vlan13] port gigabitethernet 1/0/3
[L2_SwitchA-vlan13] quit
# Configure GigabitEthernet 1/0/7 as a trunk port, and assign the port to VLANs 11 through 13.
[L2_SwitchA] interface gigabitethernet 1/0/7
[L2_SwitchA-GigabitEthernet1/0/7] port link-type trunk
[L2_SwitchA-GigabitEthernet1/0/7] port trunk permit vlan 11 to 13
3. Configure Layer 2 Switch B:
# Configure GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLANs 11 through 13 and VLAN 100.
<L2_SwitchB> system-view
[L2_SwitchB] interface gigabitethernet 1/0/2
[L2_SwitchB-GigabitEthernet1/0/2] port link-type trunk
[L2_SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 11 to 13 100
# Set the PVID of GigabitEthernet 1/0/2 to VLAN 100.
[L2_SwitchB-GigabitEthernet1/0/2] port trunk pvid vlan 100
# Enable QinQ on GigabitEthernet 1/0/2.
[L2_SwitchB-GigabitEthernet1/0/2] qinq enable
[L2_SwitchB-GigabitEthernet1/0/2] quit
# Configure GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 100.
[L2_SwitchB] interface gigabitethernet 1/0/1
[L2_SwitchB-GigabitEthernet1/0/1] port link-type trunk
[L2_SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 100
4. Configure the AC:
# Create Ethernet subinterface GigabitEthernet 1/0/1.10, and assign an IP address to the subinterface.
<AC> system-view
[AC] interface gigabitethernet 1/0/1.10
[AC-GigabitEthernet1/0/1.10] ip address 1.1.1.11 255.255.255.0
# Configure GigabitEthernet 1/0/1.10 to terminate VLAN-tagged packets whose Layer 1 VLAN ID is 100 and Layer 2 VLAN ID is 11, 12, or 13.
[AC-GigabitEthernet1/0/1.10] vlan-type dot1q vid 100 second-dot1q 11 to 13
# Enable GigabitEthernet 1/0/1.10 to transmit broadcasts and multicasts.
[AC-GigabitEthernet1/0/1.10] vlan-termination broadcast enable
[AC-GigabitEthernet1/0/1.10] quit
# Assign an IP address to GigabitEthernet 1/0/2.
[AC] interface gigabitethernet 1/0/2
[AC-GigabitEthernet1/0/2] ip address 1.1.2.11 255.255.255.0
5. Configure the server group:
# Assign each device in the server group an IP address on the network segment 1.1.2.0/24. (Details not shown.)
# Specify 1.1.2.11/24 as the gateway IP address for the server group. (Details not shown.)
Verifying the configuration
# Verify that Host A, Host B, and Host C can ping the server group. (Details not shown.)
Configuring port isolation
The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs.
Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group.
Assigning a port to the isolation group
The device supports only one isolation group that is automatically created as isolation group 1. You cannot remove the isolation group or create other isolation groups on the device. The number of ports assigned to the isolation group is not limited.
To assign a port to the isolation group:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | · Enter Layer 2 Ethernet interface view: · Enter Layer 2 aggregate interface view: | · The configuration in Layer 2 Ethernet interface view applies only to the interface. · The configuration in Layer 2 aggregate interface view applies to the Layer 2 aggregate interface and its aggregation member ports. If the device fails to apply the configuration to the aggregate interface, it does not assign any aggregation member port to the isolation group. If the failure occurs on an aggregation member port, the device skips the port and continues to assign other aggregation member ports to the isolation group. |
3. Assign the port to the isolation group. | port-isolate enable | By default, the port is not in the isolation group. |
Displaying and maintaining port isolation
Execute display commands in any view.
Task | Command |
---|---|
Display port isolation group information. | display port-isolate group |
Port isolation configuration example
Network requirements
As shown in Figure 46:
· AP1, AP2, and AP3 are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 on the AC, respectively.
· The AC connects to the Internet through GigabitEthernet 1/0/4.
Configure the AC to provide Internet access for all the APs, and isolate them from one another.
Configuration procedure
# Assign ports GigabitEthernet1/0/1, GigabitEthernet1/0/2, and GigabitEthernet1/0/3 to the isolation group.
<AC> system-view
[AC] interface gigabitethernet 1/0/1
[AC-GigabitEthernet1/0/1] port-isolate enable
[AC-GigabitEthernet1/0/1] quit
[AC] interface gigabitethernet 1/0/2
[AC-GigabitEthernet1/0/2] port-isolate enable
[AC-GigabitEthernet1/0/2] quit
[AC] interface gigabitethernet 1/0/3
[AC-GigabitEthernet1/0/3] port-isolate enable
[AC-GigabitEthernet1/0/3] quit
Verifying the configuration
# Display information about the isolation group.
[AC] display port-isolate group
Port isolation group information:
Group ID: 1
Group members:
GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3
The output shows that ports GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are assigned to the isolation group. As a result, AP1, AP2, and AP3 are isolated from one another at Layer 2.
cost
spanning tree port path cost calculation standard, 76
spanning tree port path cost configuration, 76, 78
STP path cost, 48
CST
MST region connection, 60
customer
LLDP customer bridge mode, 103
CVLAN
VLAN termination application scenario, 117
VLAN termination configuration, 117, 120, 125
D
default
Ethernet link aggregate interface (default settings), 21
VLAN default termination, 117, 124
designated
MST port, 61
STP bridge, 47
STP port, 47
device
disabling inconsistent PVID protection, 82
Layer 2 forwarding (normal), 115
Layer 2 forwarding configuration, 115
Layer 2 forwarding configuration (fast), 115
LLDP basic configuration, 103, 111
LLDP configuration, 96, 102
LLDP parameters, 108
loop protection actions, 39
MSTP implementation, 63
PVST BPDU guard, 90
SNMP notifications for new-root election and topology change events, 91
spanning tree BPDU guard, 87
spanning tree Digest Snooping, 83
spanning tree loop guard, 88
spanning tree No Agreement Check, 84
spanning tree port role restriction, 89
spanning tree priority, 72
spanning tree protection features, 87
spanning tree root guard, 88
spanning tree TC Snooping, 86
spanning tree TC-BPDU guard, 90
spanning tree TC-BPDU transmission restriction, 89
VLAN termination configuration (Dot1q PPPoE server support), 128
VLAN termination configuration (QinQ ambiguous), 130
VLAN termination configuration (QinQ unambiguous), 129
VLAN termination hardware compatibility, 119
DHCP
VLAN termination configuration (QinQ unambiguous), 121
Digest Snooping (spanning tree), 83
disabling
LLDP PVID inconsistency check, 110
MAC address learning, 4
MAC address learning (global), 4
MAC address learning (on interface), 4
discarding
MST discarding port state, 62
displaying
Ethernet link aggregation, 24
Layer 2 forwarding (fast), 116
Layer 2 forwarding (normal), 115
LLDP, 111
loop detection, 42
MAC address table, 9
port isolation, 133
spanning tree, 91
VLAN, 37
Dot1
VLAN termination configuration (Dot1q ambiguous), 120, 121, 126
VLAN termination configuration (Dot1q PPPoE server support), 128
VLAN termination configuration (Dot1q unambiguous), 120, 121, 125
VLAN termination configuration (QinQ ambiguous), 121, 122, 123, 130
VLAN termination configuration (QinQ unambiguous), 121, 129
VLAN termination configuration (untagged), 124
VLAN termination default, 124
VLAN termination type, 117
dot1d-1998 (STP port path cost calculation), 76
dot1s (STP port mode), 79
dot1t (STP port path cost calculation), 76
dynamic
Ethernet link aggregation group, 17
Ethernet link aggregation mode, 12
Layer 2 Ethernet link aggregation, 26
MAC address table dynamic aging timer, 5
MAC address table entry, 1
MAC address table entry configuration (global), 3
MAC address table entry configuration (on interface), 3
E
edge port
MST, 61
spanning tree, 75
edge port rapid transition
rapid transition mechanism, 63
enabling
Ethernet link aggregation traffic redirection, 23
LLDP, 103
LLDP polling, 104
loop detection (global), 40
loop detection (port-specific), 40
MAC address table move notification, 7
MAC address table SNMP notification, 8
PVST BPDU guard, 90
SNMP notifications for new-root election and topology change events, 91
spanning tree BPDU guard, 87
spanning tree feature, 80
spanning tree loop guard, 88
spanning tree port state transition information output, 80
spanning tree root guard, 88
spanning tree TC-BPDU guard, 90
VLAN termination interface broadcast transmission, 124
VLAN termination interface multicast transmission, 124
encapsulating
LLDP frame encapsulation (Ethernet II), 97
LLDP frame encapsulation (SNAP), 97
LLDP frame encapsulation format, 109
VLAN frame encapsulation, 31
Ethernet
link aggregation. See Ethernet link aggregation
LLDP frame encapsulation, 97
LLDP trapping, 110
LLDP-MED trapping, 110
loop detection configuration, 38, 42
loop detection protection action (Layer 2 Ethernet interface), 41
MAC address table configuration, 1, 2, 9
port isolation configuration, 133
port isolation configuration (single isolation group), 133
port-based VLAN assignment (access port), 35
port-based VLAN assignment (hybrid port), 36
port-based VLAN assignment (trunk port), 35
port-based VLAN configuration, 33
VLAN basic configuration, 32
VLAN configuration, 31
VLAN frame encapsulation, 31
VLAN interface basics, 33
Ethernet link aggregation
aggregate group (Selected ports), 19
aggregate interface, 11
aggregate interface (default settings), 21
aggregate interface (description), 19
aggregate interface configuration, 19
aggregate interface shutdown, 21
aggregation group, 11
aggregation group restrictions, 17
configuration, 11, 17, 24
configuration types, 12
display, 24
group configuration (Layer 2), 17
group load sharing configuration, 21
group load sharing mode, 21
how dynamic link aggregation works, 15
interface configuration (expected bandwidth), 20
LACP, 14
Layer 2 aggregation (dynamic), 26
Layer 2 aggregation (static), 24
Layer 2 aggregation load sharing, 28
load sharing mode, 17
local-first load sharing, 22
maintain, 24
member port, 11
member port state, 11, 13, 15
modes, 12
operational key, 11
reference port, 15
reference port choice, 12
static mode, 12
traffic redirection, 23
traffic redirection restrictions, 23
EVB
loop detection protection action (S-channel interface), 41
F
fast
Layer 2 forwarding configuration (fast), 115
format
LLDP frame encapsulation (Ethernet II), 97
LLDP frame encapsulation (SNAP), 97
LLDP frame encapsulation format, 109
LLDP management address encoding format, 107
forwarding
Layer 2 forwarding (normal), 115
Layer 2 forwarding configuration, 115
Layer 2 forwarding configuration (fast), 115
MST forwarding port state, 62
spanning tree forward delay timer, 73
STP BPDU forwarding, 53
STP forward delay timer, 53
frame
Layer 2 forwarding (normal), 115
Layer 2 forwarding configuration, 115
Layer 2 forwarding configuration (fast), 115
LLDP frame encapsulation format, 109
loop detection (Ethernet frame header), 38
loop detection (inner frame header), 38
loop detection interval, 39
MAC address learning, 1
MAC address table blackhole entry, 4
MAC address table configuration, 1, 2, 9
MAC address table entry configuration, 3
MSTP BPDU protocol frames, 58
port-based VLAN frame handling, 34
PVST BPDU protocol frames, 56
RSTP BPDU protocol frames, 54
spanning tree port mode configuration, 79
STP BPDU protocol frames, 45
STP TCN BPDU protocol frames, 45
VLAN frame encapsulation, 31
G
group
Ethernet link aggregate group (Selected ports), 19
Ethernet link aggregation group, 11
Ethernet link aggregation group (Layer 2), 17
Ethernet link aggregation group load sharing, 21
Ethernet link aggregation LACP, 14
Ethernet link aggregation load sharing mode, 17, 21
Ethernet link aggregation member port state, 11
port isolation configuration (single isolation group), 133
VLAN group configuration, 36
H
hello
spanning tree timer, 73
STP timer, 53
hybrid port
port-based VLAN assignment (hybrid port), 36
I
ignoring
VLAN, 82
implementing
MSTP device implementation, 63
inconsistency check (LLDP), 110
interface
Ethernet aggregate interface, 19
Ethernet aggregate interface (description), 19
Ethernet link aggregate interface (default settings), 21
Ethernet link aggregate interface shutdown, 21
interval
Ethernet link aggregation LACP long timeout, 14
Ethernet link aggregation LACP short timeout, 14
loop detection, 39, 41
IPv4
VLAN termination configuration (QinQ unambiguous), 121
isolating
ports. See port isolation
IST
MST region, 61
K
key
Ethernet link aggregation operational key, 11
L
LACP
Ethernet link aggregation, 14
LAN switching
Ethernet aggregate interface, 19
Ethernet aggregate interface (description), 19
Ethernet link aggregate group (Selected ports), 19
Ethernet link aggregate interface (default settings), 21
Ethernet link aggregate interface (expected bandwidth), 20
Ethernet link aggregate interface shutdown, 21
Ethernet link aggregation (dynamic), 26
Ethernet link aggregation (static), 24
Ethernet link aggregation configuration, 11, 17, 24
Ethernet link aggregation display, 24
Ethernet link aggregation group (Layer 2), 17
Ethernet link aggregation group load sharing, 21
Ethernet link aggregation group load sharing mode, 21
Ethernet link aggregation group restrictions, 17
Ethernet link aggregation LACP, 14
Ethernet link aggregation load sharing, 28
Ethernet link aggregation load sharing mode, 17
Ethernet link aggregation local-first load sharing, 22
Ethernet link aggregation maintain, 24
Ethernet link aggregation static mode, 12
Ethernet link aggregation traffic redirection, 23
Ethernet link aggregation traffic redirection restrictions, 23
Layer 2 forwarding configuration, 115
LLDP basic concepts, 96
LLDP basic configuration, 103, 111
LLDP configuration, 96, 102
LLDP display, 111
LLDP protocols and standards, 102
LLDP PVID inconsistency check disable, 110
loop detection configuration, 38, 40, 42
MAC address table configuration, 1, 2, 9
MAC address table display, 9
port isolation configuration, 133
port isolation configuration (single isolation group), 133
port isolation display, 133
port isolation group assignment (single port), 133
port-based VLAN assignment (access port), 35
port-based VLAN assignment (hybrid port), 36
port-based VLAN assignment (trunk port), 35
port-based VLAN configuration, 33
Virtual Local Area Network. Use VLAN
VLAN basic configuration, 32
VLAN configuration, 31
VLAN display, 37
VLAN frame encapsulation, 31
VLAN group configuration, 36
VLAN interface basics, 33
VLAN maintain, 37
VLAN protocols and standards, 32
VLAN termination configuration, 117, 120, 125
VLAN termination configuration (Dot1q ambiguous), 126
VLAN termination configuration (Dot1q PPPoE server support), 128
VLAN termination configuration (Dot1q unambiguous), 125
VLAN termination configuration (Dot1q), 120
VLAN termination configuration (QinQ ambiguous), 130
VLAN termination configuration (QinQ unambiguous), 129
VLAN termination configuration (QinQ), 121
VLAN termination configuration (untagged), 124
VLAN termination configuration restrictions, 119
VLAN termination default, 124
Layer 2
Ethernet link aggregation group (dynamic), 18
forwarding configuration, 115
forwarding configuration (fast), 115
forwarding configuration (normal), 115
forwarding display (fast), 116
forwarding display (normal), 115
forwarding maintain (fast), 116
forwarding maintain (normal), 115
LLDP basic configuration, 111
LLDP trapping, 110
LLDP-MED trapping, 110
loop detection protection action (Layer 2 aggregate interface), 41
loop detection protection action (Layer 2 Ethernet interface), 41
loop detection protection action (S-channel aggregate interface), 41
loop detection protection action (S-channel bundle interface), 41
loop detection protection action (S-channel interface), 41
VLAN basic configuration, 32
VLAN configuration, 31
Layer 2 forwarding
command and hardware compatibility, 115
Layer 2 LAN switching
displaying spanning tree, 91
Ethernet link aggregation group (static), 18
maintaining spanning tree, 91
MST region, 70
MSTP configuration, 92
spanning tree configuration, 45
spanning tree Digest Snooping, 83
Layer 3
Ethernet link aggregation group load sharing, 21
Ethernet link aggregation local-first load sharing, 22
LAN switching VLAN interface basics, 33
LLDP basic configuration, 111
LLDP trapping, 110
LLDP-MED trapping, 110
port-based VLAN assignment (access port), 35
port-based VLAN assignment (hybrid port), 36
port-based VLAN assignment (trunk port), 35
port-based VLAN configuration, 33
learning
loop detection no-learning action, 39
MAC address, 1
MAC address learning disable, 4
MAC address table learning priority, 6
MST learning port state, 62
legacy
spanning tree port mode, 79
spanning tree port path cost calculation, 76
link
aggregation. See Ethernet link aggregation
Link Layer Discovery Protocol. Use LLDP
MSTP configuration, 92
spanning tree configuration, 45, 66
spanning tree hello time, 73
spanning tree port link type configuration, 79
LLDP
advertisable TLV configuration, 105
agent, 96
basic concepts, 96
basic configuration, 103, 111
bridge mode configuration, 103
configuration, 96, 102
display, 111
enable, 103
frame encapsulation (Ethernet II), 97
frame encapsulation (SNAP), 97
frame encapsulation format, 109
frame format, 97
frame reception, 102
frame transmission, 101
how it works, 101
LLDPDU management address TLV, 101
LLDPDU TLV types, 98
LLDPDU TLVs, 98
LLDP-MED trapping configuration, 110
management address configuration, 107
management address encoding format, 107
operating mode (disable), 101
operating mode (Rx), 101
operating mode (Tx), 101
operating mode (TxRx), 101
operating mode set, 103
parameter set, 108
polling enable, 104
protocols and standards, 102
PVID inconsistency check disable, 110
reinitialization delay, 104
trapping configuration, 110
LLDPDU
LLDP basic configuration, 103, 111
LLDP configuration, 96, 102
LLDP parameters, 108
management address configuration, 107
management address encoding format, 107
management address TLV, 101
TLV basic management types, 98
TLV LLDP-MED types, 98
TLV organization-specific types, 98
load sharing
Ethernet link aggregation group configuration, 21
Ethernet link aggregation group load sharing, 17
Ethernet link aggregation load sharing mode, 21
Ethernet link aggregation local-first load sharing, 22
Ethernet link aggregation packet type-based load sharing, 17
Ethernet link aggregation per-flow load sharing, 17
Ethernet link aggregation per-packet load sharing, 17
Layer 2 Ethernet link aggregation configuration, 28
local
Ethernet link aggregation local-first load sharing, 22
logging
loop detection configuration, 38, 40, 42
loop
MSTP configuration, 92
spanning tree configuration, 45, 66
spanning tree loop guard, 88
loop detection
configuration, 38, 40, 42
displaying, 42
enable (global), 40
enable (port-specific), 40
interval, 39
interval setting, 41
mechanism, 38
port status auto recovery, 39
protection action setting (global), 41
protection action setting (Layer 2 aggregate interface), 41
protection action setting (Layer 2 Ethernet interface), 41
protection action setting (S-channel aggregate interface), 41
protection action setting (S-channel bundle interface), 41
protection action setting (S-channel interface), 41
protection actions, 39
M
MAC address table
address learning, 1
blackhole entry, 4
configuration, 1, 2, 9
displaying, 9
dynamic aging timer, 5
entry configuration, 3
entry configuration (global), 3
entry configuration (on interface), 3
entry creation, 1
entry types, 1
learning priority assignment, 6
MAC address learning disable, 4
MAC address move suppression, 7
manual entries, 1
move notification, 7
SNMP notification enable, 8
MAC addressing
VLAN frame encapsulation, 31
MAC relay (LLDP agent), 96
maintaining
Ethernet link aggregation, 24
Layer 2 forwarding (fast), 116
Layer 2 forwarding (normal), 115
spanning tree, 91
VLAN, 37
management address
LLDP encoding format, 107
mapping
MSTP VLAN-to-instance mapping table, 60
master
MSTP master port, 61
max age timer (STP), 53
mCheck
global performance, 82
interface view performance, 82
spanning tree, 81
MED (LLDP-MED trapping), 110
MIB
LLDP basic configuration, 103, 111
LLDP configuration, 96, 102
mode
Ethernet link aggregation dynamic, 12
Ethernet link aggregation LACP operation active, 14
Ethernet link aggregation LACP operation passive, 14
Ethernet link aggregation load sharing, 17
Ethernet link aggregation static, 12
LLDP customer bridge, 103
LLDP disable, 101, 103
LLDP Rx, 101, 103
LLDP service bridge, 103
LLDP Tx, 101, 103
LLDP TxRx, 101, 103
spanning tree mCheck, 81
spanning tree MSTP, 69
spanning tree PVST, 69
spanning tree RSTP, 69
spanning tree STP, 69
modifying
MAC address table blackhole entry, 4
MAC address table entry (global), 3
MAC address table entry (on interface), 3
moving
MAC address table move notification, 7
MPLS
VLAN termination configuration (QinQ unambiguous), 121
MST
region max hops, 72
MSTI
calculation, 63
MST instance, 60
MSTP
basic concepts, 59
CIST, 61
CIST calculation, 63
common root bridge, 61
configuration, 68, 92
CST, 60
device implementation, 63
feature enable, 81
features, 57
how it works, 62
IST, 61
mode set, 69
MST region, 60
MST region configuration, 70
MSTI, 60
MSTI calculation, 63
port roles, 61
port states, 62
protocol frames, 58
protocols and standards, 66
rapid transition mechanism, 63
regional root, 61
relationships, 57
spanning tree max age timer, 73
spanning tree port mode configuration, 79
VLAN-to-instance mapping table, 60
multicast
VLAN termination transmission, 124
Multiple Spanning Tree Protocol. Use MSTP
N
network
disabling inconsistent PVID protection, 82
Ethernet link aggregation configuration types, 12
Ethernet link aggregation LACP, 14
Ethernet link aggregation member port state, 13, 15
Ethernet link aggregation modes, 12
Ethernet link aggregation operational key, 11
Ethernet link aggregation reference port, 15
Ethernet link aggregation reference port choice, 12
Ethernet link aggregation static mode, 12
Layer 2 Ethernet link aggregation (dynamic), 26
Layer 2 Ethernet link aggregation (static), 24
Layer 2 Ethernet link aggregation load sharing, 28
Layer 2 forwarding (normal), 115
Layer 2 forwarding configuration (fast), 115
LLDP basic configuration, 103, 111
loop detection enable, 40
loop detection interval, 39, 41
loop detection protection action setting, 41
loop protection actions, 39
MAC address move suppression, 7
MAC address table blackhole entry, 4
MAC address table dynamic aging timer, 5
MAC address table entry configuration, 3
MAC address table entry types, 1
MAC address table learning priority, 6
MAC address table move notification, 7
MAC address table SNMP notification, 8
MST region configuration, 70
port isolation configuration (single isolation group), 133
port isolation group assignment (single port), 133
port-based VLAN assignment (access port), 35
port-based VLAN assignment (hybrid port), 36
port-based VLAN assignment (trunk port), 35
port-based VLAN configuration, 33
PVST BPDU guard, 90
RSTP network convergence, 54
RSTP port role, 54
RSTP port state, 55
SNMP notifications for new-root election and topology change events, 91
spanning tree BPDU guard, 87
spanning tree BPDU transmission rate, 75
spanning tree Digest Snooping, 83
spanning tree edge port, 75
spanning tree loop guard, 88
spanning tree mode set, 69
spanning tree No Agreement Check, 84
spanning tree port link type, 79
spanning tree port mode, 79
spanning tree port path cost, 76, 78
spanning tree port priority, 78
spanning tree port role restriction, 89
spanning tree port state transition, 80
spanning tree priority, 72
spanning tree protection features, 87
spanning tree root bridge, 71
spanning tree root bridge (device), 71
spanning tree root guard, 88
spanning tree secondary root bridge (device), 71
spanning tree switched network diameter, 73
spanning tree TC Snooping, 86
spanning tree TC-BPDU guard, 90
spanning tree TC-BPDU transmission restriction, 89
STP algorithm calculation, 48
STP designated bridge, 47
STP designated port, 47
STP path cost, 48
STP port state, 47
STP root bridge, 47
STP root port, 47
VLAN basic configuration, 32
VLAN group configuration, 36
VLAN interface basics, 33
VLAN termination application scenario, 117
VLAN termination configuration (Dot1q ambiguous), 121, 126
VLAN termination configuration (Dot1q PPPoE server support), 128
VLAN termination configuration (Dot1q unambiguous), 121, 125
VLAN termination configuration (Dot1q), 120
VLAN termination configuration (QinQ ambiguous), 122, 130
VLAN termination configuration (QinQ unambiguous), 123, 129
VLAN termination configuration (QinQ), 121
VLAN termination configuration (untagged), 124
VLAN termination default, 124
VLAN termination interface broadcast transmission, 124
VLAN termination interface multicast transmission, 124
VLAN termination types, 117
network management
Ethernet link aggregation configuration, 11, 17, 24
Layer 2 forwarding configuration, 115
LLDP basic concepts, 96
LLDP configuration, 96, 102
loop detection, 38
loop detection configuration, 40, 42
MAC address table configuration, 1, 2, 9
MSTP configuration, 92
port isolation configuration, 133
spanning tree configuration, 45, 66
VLAN configuration, 31
VLAN termination configuration, 117, 120, 125
No Agreement Check (spanning tree), 84
no-learning action (loop detection), 39
notifying
MAC address table move notification, 7
MAC address table SNMP notification, 8
O
operational key (Ethernet link aggregation), 11
organization-specific LLDPDU TLV types, 98
outputting
spanning tree port state transition information, 80
P
P/A transition
rapid transition mechanism, 64
packet
Ethernet link aggregation packet type-based load sharing, 17
VLAN termination configuration, 117, 120, 125
VLAN termination configuration (Dot1q), 120
VLAN termination configuration (QinQ), 121
parameter
spanning tree timeout factor, 75
per-flow load sharing, 17
performing
spanning tree mCheck, 81
spanning tree mCheck globally, 82
spanning tree mCheck in interface view, 82
per-packet load sharing, 17
Per-VLAN Spanning Tree Protocol. Use PVST
polling
LLDP enable, 104
port
Ethernet aggregate interface, 19
Ethernet aggregate interface (description), 19
Ethernet link aggregate group (Selected ports), 19
Ethernet link aggregate interface (default settings), 21
Ethernet link aggregate interface (expected bandwidth), 20
Ethernet link aggregate interface shutdown, 21
Ethernet link aggregation configuration, 11, 17, 24
Ethernet link aggregation configuration types, 12
Ethernet link aggregation group (Layer 2), 17
Ethernet link aggregation group load sharing, 21
Ethernet link aggregation LACP, 14
Ethernet link aggregation LACP port priority, 14
Ethernet link aggregation load sharing mode, 17
Ethernet link aggregation local-first load sharing, 22
Ethernet link aggregation member port, 11
Ethernet link aggregation member port state, 11, 13, 15
Ethernet link aggregation modes, 12
Ethernet link aggregation operational key, 11
Ethernet link aggregation reference port, 15
Ethernet link aggregation reference port choice, 12
Ethernet link aggregation static mode, 12
Ethernet link aggregation traffic redirection, 23
isolation. See port isolation
Layer 2 Ethernet link aggregation (dynamic), 26
Layer 2 Ethernet link aggregation (static), 24
Layer 2 Ethernet link aggregation load sharing, 28
LLDP basic configuration, 103, 111
LLDP configuration, 96, 102
LLDP disable operating mode, 101
LLDP enable, 103
LLDP frame encapsulation format, 109
LLDP frame reception, 102
LLDP frame transmission, 101
LLDP operating mode, 103
LLDP polling, 104
LLDP reinitialization delay, 104
LLDP Rx operating mode, 101
LLDP Tx operating mode, 101
LLDP TxRx operating mode, 101
loop detection configuration, 38, 40, 42
loop detection interval, 39, 41
loop detection protection action setting, 41
loop detection protection actions, 39
loop detection status auto recovery, 39
MAC address learning, 1
MAC address table blackhole entry, 4
MAC address table configuration, 1, 2, 9
MAC address table entry configuration, 3
MST port roles, 61
MST port states, 62
PVST BPDU guard, 90
RSTP network convergence, 54
spanning tree BPDU guard, 87
spanning tree BPDU transmission rate, 75
spanning tree edge port configuration, 75
spanning tree forward delay timer, 73
spanning tree loop guard, 88
spanning tree path cost calculation standard, 76
spanning tree path cost configuration, 76, 78
spanning tree port link type configuration, 79
spanning tree port mode configuration, 79
spanning tree port priority configuration, 78
spanning tree port role restriction, 89
spanning tree port state transition output, 80
spanning tree root guard, 88
spanning tree TC-BPDU guard, 90
spanning tree TC-BPDU transmission restriction, 89
STP designated port, 47
STP root port, 47
VLAN port link type, 33
port isolation
configuration, 133
configuration (single isolation group), 133
display, 133
group assignment (single port), 133
port state
rapid transition mechanism, 63
port-based VLAN
access port assignment (interface view), 35
access port assignment (VLAN view), 35
assignment (access port), 35
assignment (hybrid port), 36
assignment (trunk port), 35
configuration, 33
port frame handling, 34
port link type, 33
PVID, 34
PPPoE
VLAN termination configuration (Dot1q PPPoE server support), 128
VLAN termination configuration (QinQ unambiguous), 121
priority
Ethernet link aggregation LACP, 14
Ethernet link aggregation LACP port priority, 14
Ethernet link aggregation LACP system priority, 14
MAC address table learning priority, 6
spanning tree device priority, 72
spanning tree port priority configuration, 78
procedure
adding MAC address table blackhole entry, 4
adding MAC address table entry (global), 3
adding MAC address table entry (on interface), 3
assigning MAC address table learning priority to interface, 6
assigning port isolation group (single port), 133
assigning port-based VLAN access port, 35
assigning port-based VLAN access port (interface view), 35
assigning port-based VLAN access port (VLAN view), 35
assigning port-based VLAN hybrid port, 36
assigning port-based VLAN trunk port, 35
configuring Ethernet aggregate interface, 19
configuring Ethernet link aggregation, 17
configuring Ethernet link aggregation group (Layer 2), 17
configuring Ethernet link aggregation group load sharing, 21
configuring Layer 2 Ethernet link aggregation (dynamic), 26
configuring Layer 2 Ethernet link aggregation (static), 24
configuring Layer 2 Ethernet link aggregation group (dynamic), 18
configuring Layer 2 Ethernet link aggregation group (static), 18
configuring Layer 2 Ethernet link aggregation load sharing, 28
configuring Layer 2 forwarding (fast), 115
configuring Layer 2 forwarding (normal), 115
configuring LLDP, 102
configuring LLDP advertisable TLVs, 105
configuring LLDP basics, 103, 111
configuring LLDP management address, 107
configuring LLDP management address encoding format, 107
configuring LLDP trapping, 110
configuring LLDP-MED trapping, 110
configuring loop detection, 40, 42
configuring MAC address move suppression, 7
configuring MAC address table, 2, 9
configuring MAC address table entry, 3
configuring MAC address table frame forwarding rule (on interface), 6
configuring MST region, 70
configuring MST region max hops, 72
configuring MSTP, 68, 92
configuring port isolation (single isolation group), 133
configuring port-based VLAN, 33
configuring PVST, 68
configuring RSTP, 67
configuring spanning tree, 66
configuring spanning tree BPDU transmission rate, 75
configuring spanning tree device priority, 72
configuring spanning tree Digest Snooping, 83
configuring spanning tree edge port, 75
configuring spanning tree No Agreement Check, 84
configuring spanning tree port link type, 79
configuring spanning tree port mode for MSTP frames, 79
configuring spanning tree port path cost, 76, 78
configuring spanning tree port priority, 78
configuring spanning tree port role restriction, 89
configuring spanning tree protection features, 87
configuring spanning tree root bridge, 71
configuring spanning tree root bridge (device), 71
configuring spanning tree secondary root bridge, 71
configuring spanning tree secondary root bridge (device), 71
configuring spanning tree switched network diameter, 73
configuring spanning tree TC Snooping, 86
configuring spanning tree TC-BPDU transmission restriction, 89
configuring spanning tree timeout factor, 75
configuring spanning tree timer, 73
configuring STP, 66
configuring VLAN basic settings, 32
configuring VLAN group, 36
configuring VLAN interface basics, 33
configuring VLAN termination, 120
configuring VLAN termination (default), 124
configuring VLAN termination (Dot1q ambiguous), 120, 121, 126
configuring VLAN termination (Dot1q PPPoE server support), 128
configuring VLAN termination (Dot1q unambiguous), 120, 121, 125
configuring VLAN termination (QinQ ambiguous), 121, 122, 130
configuring VLAN termination (QinQ ambiguous/Layer 2 VLAN ID), 122
configuring VLAN termination (QinQ ambiguous/outermost VLAN ID), 122
configuring VLAN termination (QinQ unambiguous), 121, 129
configuring VLAN termination (QinQ unambiguous/Layer 2 VLAN ID), 123
configuring VLAN termination (QinQ unambiguous/outermost VLAN ID), 123
configuring VLAN termination (untagged), 124
configuring VLAN termination configuration (QinQ ambiguous), 123
disabling inconsistent PVID protection, 82
disabling LLDP PVID inconsistency check, 110
disabling MAC address learning, 4
disabling MAC address learning (global), 4
disabling MAC address learning (on interface), 4
displaying Ethernet link aggregation, 24
displaying Layer 2 forwarding (fast), 116
displaying Layer 2 forwarding (normal), 115
displaying LLDP, 111
displaying loop detection, 42
displaying MAC address table, 9
displaying port isolation, 133
displaying spanning tree, 91
displaying VLAN, 37
enabling Ethernet link aggregation local-first load sharing, 22
enabling Ethernet link aggregation traffic redirection, 23
enabling LLDP, 103
enabling LLDP polling, 104
enabling loop detection (global), 40
enabling loop detection (port-specific), 40
enabling MAC address table move notification, 7
enabling MAC address table SNMP notification, 8
enabling PVST BPDU guard, 90
enabling SNMP notifications for new-root election and topology change events, 91
enabling spanning tree BPDU guard, 87
enabling spanning tree feature, 80
enabling spanning tree loop guard, 88
enabling spanning tree port state transition information output, 80
enabling spanning tree root guard, 88
enabling spanning tree TC-BPDU guard, 90
enabling VLAN termination interface broadcast transmission, 124
enabling VLAN termination interface multicast transmission, 124
maintaining Ethernet link aggregation, 24
maintaining Layer 2 forwarding (fast), 116
maintaining Layer 2 forwarding (normal), 115
maintaining spanning tree, 91
maintaining VLAN, 37
modifying MAC address table blackhole entry, 4
modifying MAC address table entry (global), 3
modifying MAC address table entry (on interface), 3
performing spanning tree mCheck, 81
performing spanning tree mCheck globally, 82
performing spanning tree mCheck in interface view, 82
restoring Ethernet link aggregate interface (default settings), 21
setting Ethernet aggregate interface (description), 19
setting Ethernet link aggregate group (Selected ports), 19
setting Ethernet link aggregate interface (expected bandwidth), 20
setting Ethernet link aggregation group load sharing mode, 21
setting Ethernet link aggregation load sharing mode (global), 21
setting Ethernet link aggregation load sharing mode (group-specific), 22
setting LLDP bridge mode, 103
setting LLDP frame encapsulation format, 109
setting LLDP operating mode, 103
setting LLDP parameters, 108
setting LLDP reinitialization delay, 104
setting loop detection interval, 41
setting loop detection protection action (global), 41
setting loop detection protection action (Layer 2 aggregate interface), 41
setting loop detection protection action (Layer 2 Ethernet interface), 41
setting loop detection protection action (S-channel aggregate interface), 41
setting loop detection protection action (S-channel bundle interface), 41
setting loop detection protection action (S-channel interface), 41
setting MAC address table dynamic aging timer, 5
setting MAC address table learning limit (on interface), 5
setting spanning tree mode, 69
shutting down Ethernet link aggregate interface, 21
specifying spanning tree port path cost calculation standard, 76
protecting
loop detection protection action setting, 41
SNMP notifications for new-root election and topology change events, 91
spanning tree protection features, 87
protocols and standards
Ethernet link aggregation protocol configuration, 12
LLDP, 102
MSTP, 66
MSTP protocol frames, 58
PVST protocol frames, 56
RSTP protocol frames, 54
STP protocol frames, 45
VLAN, 32
PVID
LLDP PVID inconsistency check disable, 110
PVID (port-based VLAN), 34
PVST
basic concepts, 57
configuration, 68
feature enable, 81
how it works, 57
mode set, 69
port links, 56
protocol frames, 56
rapid transition mechanism, 63
Q
QinQ
loop detection configuration, 38, 40, 42
VLAN termination configuration (QinQ ambiguous), 121, 122, 123, 130
VLAN termination configuration (QinQ unambiguous), 121, 129
VLAN termination type, 117
R
Rapid Spanning Tree Protocol. Use RSTP
rapid transition mechanism
edge port rapid transition, 63
MSTP, 63
P/A transition, 64
port state, 63
PVST, 63
root port rapid transition, 64
RSTP, 63
rate
spanning tree BPDU transmission rate, 75
receiving
LLDP frames, 102
recovering
loop detection port status auto recovery, 39
reference port (Ethernet link aggregation), 12, 15
region
MST, 60
MST region configuration, 70
MST region max hops, 72
MST regional root, 61
reinitialization delay (LLDP), 104
restoring
Ethernet link aggregate interface (default settings), 21
restrictions
Ethernet link aggregation group, 17
Ethernet link aggregation traffic redirection, 23
LAN switching STP Digest Snooping configuration, 83
LAN switching STP edge port configuration, 76
LAN switching STP mCheck configuration, 82
LAN switching STP port link type configuration, 79
LAN switching STP TC Snooping configuration, 86
spanning tree port role restriction, 89
spanning tree TC-BPDU transmission restriction, 89
STP Digest Snooping configuration, 74
STP edge port configuration, 74
STP mCheck configuration, 74
STP port link type configuration, 74
STP TC Snooping configuration, 74
STP timer configuration, 74
VLAN termination configuration, 119
VLAN termination hardware compatibility, 119
root
MST common root bridge, 61
MST regional root, 61
MST root port role, 61
spanning tree root bridge, 71
spanning tree root bridge (device), 71
spanning tree root guard, 88
spanning tree secondary root bridge (device), 71
STP algorithm calculation, 48
STP root bridge, 47
STP root port, 47
root port rapid transition
rapid transition mechanism, 64
RSTP
basic concepts, 54
BPDU processing, 55
configuration, 67
feature enable, 81
how it works, 55
mode set, 69
MSTP device implementation, 63
network convergence, 54
port role, 54
port state, 55
protocol frames, 54
rapid transition mechanism, 63
S
selecting
Ethernet link aggregation (Selected ports), 19
Ethernet link aggregation selected state, 11
Ethernet link aggregation unselected state, 11
service
LLDP service bridge mode, 103
setting
Ethernet aggregate interface (description), 19
Ethernet link aggregate group (Selected ports), 19
Ethernet link aggregate interface (expected bandwidth), 20
Ethernet link aggregation group load sharing mode, 21
Ethernet link aggregation load sharing mode (global), 21
Ethernet link aggregation load sharing mode (group-specific), 22
Ethernet link aggregation member port state, 13, 15
LLDP bridge mode, 103
LLDP frame encapsulation format, 109
LLDP operating mode, 103
LLDP parameters, 108
LLDP reinitialization delay, 104
loop detection interval, 41
loop detection protection action (global), 41
loop detection protection action (Layer 2 aggregate interface), 41
loop detection protection action (Layer 2 Ethernet interface), 41
loop detection protection action (S-channel aggregate interface), 41
loop detection protection action (S-channel bundle interface), 41
loop detection protection action (S-channel interface), 41
MAC address table dynamic aging timer, 5
MAC address table learning limit (on interface), 5
spanning tree mode, 69
shutting down
Ethernet link aggregate interface, 21
loop detection shutdown action, 39
SNAP
LLDP frame encapsulation, 97
LLDP frame encapsulation format, 109
SNMP
MAC address table SNMP notification, 8
snooping
spanning tree Digest Snooping, 83
spanning tree TC Snooping, 86
spanning tree, 45, See also STP, RSTP, PVST, MSTP
BPDU guard enable, 87
BPDU transmission rate configuration, 75
configuration, 45, 66
device priority configuration, 72
Digest Snooping, 83
disabling inconsistent PVID protection, 82
displaying, 91
edge port configuration, 75
feature enable, 80
loop guard enable, 88
maintaining, 91
mCheck, 81
mode set, 69
MST region max hops, 72
MSTP, 57, See also MSTP
No Agreement Check, 84
port link type configuration, 79
port mode configuration, 79
port path cost calculation standard, 76
port path cost configuration, 76, 78
port priority configuration, 78
port role restriction, 89
port state transition output, 80
protection features, 87
PVST, 56, See also PVST
PVST BPDU guard, 90
root bridge configuration, 71
root bridge configuration (device), 71
root guard enable, 88
RSTP, 54, See also RSTP
secondary root bridge configuration (device), 71
SNMP notifications for new-root election and topology change events, 91
switched network diameter, 73
TC Snooping, 86
TC-BPDU guard, 90
TC-BPDU transmission restriction, 89
timeout factor configuration, 75
timer configuration, 73
spanning tree configuration
command and hardware compatibility, 66
specifying
spanning tree port path cost calculation standard, 76
state
Ethernet link aggregation member port state, 11, 13, 15
static
Ethernet link aggregation group, 17
Ethernet link aggregation mode, 12
Ethernet link aggregation static mode, 12
Layer 2 Ethernet link aggregation, 24
MAC address table entry, 1
MAC address table entry configuration (global), 3
MAC address table entry configuration (on interface), 3
STP
algorithm calculation, 48
basic concepts, 47
BPDU forwarding, 53
configuration, 66
configuration BPDUs, 45
designated bridge, 47
designated port, 47
Digest Snooping configuration restrictions, 74, 83
edge port configuration restrictions, 74, 76
feature enable, 81
loop detection, 45
mCheck configuration restrictions, 74, 82
mode set, 69
MSTP device implementation, 63
path cost, 48
port link type configuration restrictions, 74, 79
port state, 47
protocol frames, 45
root bridge, 47
root port, 47
TC Snooping configuration restrictions, 74, 86
TCN BPDUs, 46
timer configuration restrictions, 74
timers, 53
suppressing
MAC address move, 7
SVLAN
VLAN termination application scenario, 117
VLAN termination configuration, 117, 120, 125
switching
spanning tree switched network diameter, 73
T
table
MAC address, 1, 2, 9
MSTP VLAN-to-instance mapping table, 60
tag
VLAN termination configuration, 117, 120, 125
VLAN termination configuration (Dot1q), 120
VLAN termination configuration (QinQ), 121
VLAN termination types, 117
TC Snooping (spanning tree), 86
TC-BPDU
spanning tree TC-BPDU guard, 90
spanning tree TC-BPDU transmission restriction, 89
time
Ethernet link aggregation LACP timeout interval, 14
timeout
Ethernet link aggregation LACP long timeout interval, 14
Ethernet link aggregation LACP short timeout interval, 14
spanning tree timeout factor, 75
timer
LLDP reinitialization delay, 104
MAC address table dynamic aging timer, 5
spanning tree forward delay, 73
spanning tree hello, 73
spanning tree max age, 73
STP forward delay, 53
STP hello, 53
STP max age, 53
TLV
LLDP advertisable TLV configuration, 105
LLDP management address configuration, 107
LLDP management address encoding format, 107
LLDP parameters, 108
LLDPDU basic management types, 98
LLDPDU LLDP-MED types, 98
LLDPDU management address TLV, 101
LLDPDU organization-specific types, 98
topology
PVST BPDU protocol frames, 56
STP TCN BPDU protocol frames, 45
traffic
Ethernet link aggregation traffic redirection, 23
transmitting
LLDP frames, 101
spanning tree TC-BPDU transmission restriction, 89
VLAN termination broadcast, 124
VLAN termination multicast, 124
trapping
LLDP configuration, 110
LLDP-MED configuration, 110
trunk port
port-based VLAN assignment (trunk port), 35
type
VLAN termination default, 117
VLAN termination Dot1q, 117
VLAN termination QinQ, 117
VLAN termination untagged, 117
U
untagged VLAN termination, 117, 124
V
virtual
Local Area Network. Use VLAN
Virtual Local Area Network. Use VLAN
VLAN
basic configuration, 32
configuration, 31
disabling inconsistent PVID protection, 82
display, 37
frame encapsulation, 31
group configuration, 36
interface basics configuration, 33
loop detection configuration, 38, 40, 42
maintain, 37
MSTP VLAN-to-instance mapping table, 60
port isolation configuration, 133
port link type, 33
port-based configuration, 33
port-based VLAN assignment (access port), 35
port-based VLAN assignment (hybrid port), 36
port-based VLAN assignment (trunk port), 35
port-based VLAN frame handling, 34
port-based VLAN PVID, 34
protocols and standards, 32
PVST, 56
VLAN termination
application scenario, 117
configuration, 117, 120, 125
configuration (Dot1q ambiguous), 120, 121, 126
configuration (Dot1q PPPoE server support), 128
configuration (Dot1q unambiguous), 120, 121, 125
configuration (QinQ ambiguous), 121, 122, 130
configuration (QinQ unambiguous), 121, 123, 129
configuration (untagged), 124
configuration restrictions, 119
default, 124
interface broadcast transmission, 124
interface multicast transmission, 124
types, 117
VLAN termination and hardware compatibility, 119
W
WAN access
VLAN termination LAN-WAN communication, 117