03-Layer 2—LAN Switching Configuration Guide

HomeSupportResource CenterSwitchesS12500X-AF SeriesS12500X-AF SeriesTechnical DocumentsConfigure & DeployConfiguration GuidesH3C S12500X-AF Switch Series Configuration Guides(R26xx)-6W10203-Layer 2—LAN Switching Configuration Guide

01-Text

Download Book  (2.58 MB)

Contents

Configuring Ethernet interfaces· 1

Ethernet interface naming conventions· 1

Configuring a management Ethernet interface· 1

Configuring common Ethernet interface settings· 1

Splitting a 40-GE interface and combining 10-GE breakout interfaces· 2

Configuring basic settings of an Ethernet interface or subinterface· 3

Configuring the link mode of an Ethernet interface· 4

Configuring jumbo frame support 4

Configuring physical state change suppression on an Ethernet interface· 5

Configuring dampening on an Ethernet interface· 6

Enabling loopback testing on an Ethernet interface· 7

Configuring generic flow control on an Ethernet interface· 8

Configuring PFC on an Ethernet interface· 9

Setting the statistics polling interval 10

Configuring storm suppression·· 10

Configuring a Layer 2 Ethernet interface· 11

Configuring storm control on an Ethernet interface· 11

Forcibly bringing up a fiber port 12

Configuring a Layer 3 Ethernet interface or subinterface· 14

Setting the MTU for an Ethernet interface or subinterface· 14

Displaying and maintaining an Ethernet interface or subinterface· 14

Configuring loopback, null, and inloopback interfaces· 16

Configuring a loopback interface· 16

Configuring a null interface· 16

Configuring an inloopback interface· 17

Displaying and maintaining loopback, null, and inloopback interfaces· 17

Bulk configuring interfaces· 18

Configuration restrictions and guidelines· 18

Configuration procedure· 18

Displaying and maintaining bulk interface configuration·· 19

Configuring the MAC address table· 20

Overview·· 20

How a MAC address entry is created· 20

Types of MAC address entries· 20

MAC address table configuration task list 21

Configuring MAC address entries· 22

Configuration guidelines· 22

Adding or modifying a static or dynamic MAC address entry globally· 22

Adding or modifying a static or dynamic MAC address entry on an interface· 22

Adding or modifying a blackhole MAC address entry· 23

Adding or modifying a multiport unicast MAC address entry· 23

Disabling MAC address learning· 24

Disabling global MAC address learning· 24

Disabling MAC address learning on interfaces· 25

Setting the aging timer for dynamic MAC address entries· 25

Enabling MAC address synchronization·· 26

Configuring MAC address move notifications and suppression·· 27

Enabling ARP fast update for MAC address moves· 28

Enabling MAC address learning at ingress· 29

Configuring the base MAC address· 29

Enabling SNMP notifications for the MAC address table· 30

Displaying and maintaining the MAC address table· 30

MAC address table configuration example· 31

Network requirements· 31

Configuration procedure· 31

Verifying the configuration·· 31

Configuring MAC Information· 33

Enabling MAC Information·· 33

Configuring the MAC Information mode· 33

Setting the MAC change notification interval 34

Setting the MAC Information queue length·· 34

MAC Information configuration example· 34

Network requirements· 34

Configuration restrictions and guidelines· 34

Configuration procedure· 35

Configuring Ethernet link aggregation· 37

Basic concepts· 37

Aggregation group, member port, and aggregate interface· 37

Aggregation states of member ports in an aggregation group· 37

Operational key· 38

Configuration types· 38

Link aggregation modes· 39

Aggregating links in static mode· 39

Choosing a reference port 39

Setting the aggregation state of each member port 39

Aggregating links in dynamic mode· 40

LACP·· 41

How dynamic link aggregation works· 42

Edge aggregate interface· 44

Load sharing modes for link aggregation groups· 44

Ethernet link aggregation configuration task list 44

Configuring an aggregation group· 45

Configuration restrictions and guidelines· 45

Configuring a Layer 2 aggregation group· 45

Configuring a Layer 3 aggregation group· 46

Configuring an aggregate interface· 48

Configuring the description of an aggregate interface· 48

Setting the MAC address for an aggregate interface· 48

Specifying ignored VLANs for a Layer 2 aggregate interface· 49

Setting the MTU for a Layer 3 aggregate interface· 49

Setting the minimum and maximum numbers of Selected ports for an aggregation group· 50

Setting the expected bandwidth for an aggregate interface· 51

Configuring an edge aggregate interface· 51

Enabling BFD for an aggregation group· 52

Shutting down an aggregate interface· 53

Restoring the default settings for an aggregate interface· 53

Configuring load sharing for link aggregation groups· 54

Setting load sharing modes for link aggregation groups· 54

Enabling local-first load sharing for link aggregation·· 55

Configuring link aggregation load sharing algorithm settings· 55

Enabling link-aggregation traffic redirection·· 56

Configuration restrictions and guidelines· 56

Configuration procedure· 57

Configuring the link aggregation capability for the device· 57

Displaying and maintaining Ethernet link aggregation·· 58

Ethernet link aggregation configuration examples· 58

Layer 2 static aggregation configuration example· 58

Layer 2 dynamic aggregation configuration example· 60

Layer 2 aggregation load sharing configuration example· 62

Layer 2 edge aggregate interface configuration example· 64

Layer 3 static aggregation configuration example· 66

Layer 3 dynamic aggregation configuration example· 67

Layer 3 aggregation load sharing configuration example· 68

Layer 3 edge aggregate interface configuration example· 70

Configuring port isolation· 72

Assigning a port to an isolation group· 72

Displaying and maintaining port isolation·· 72

Port isolation configuration example· 73

Network requirements· 73

Configuration procedure· 73

Verifying the configuration·· 73

Configuring spanning tree protocols· 75

STP·· 75

STP protocol frames· 75

Basic concepts in STP·· 77

Calculation process of the STP algorithm·· 78

RSTP·· 84

RSTP protocol frames· 84

Basic concepts in RSTP·· 84

How RSTP works· 85

RSTP BPDU processing· 85

PVST· 86

PVST protocol frames· 86

Basic concepts in PVST· 87

How PVST works· 87

MSTP·· 87

MSTP features· 87

MSTP protocol frames· 87

MSTP basic concepts· 89

How MSTP works· 92

MSTP implementation on devices· 93

Rapid transition mechanism·· 93

Protocols and standards· 95

Spanning tree configuration task lists· 96

STP configuration task list 96

RSTP configuration task list 97

PVST configuration task list 97

MSTP configuration task list 98

Setting the spanning tree mode· 99

Configuring an MST region·· 99

Configuring the root bridge or a secondary root bridge· 100

Configuring the device as the root bridge of a specific spanning tree· 101

Configuring the device as a secondary root bridge of a specific spanning tree· 101

Configuring the device priority· 101

Configuring the maximum hops of an MST region·· 102

Configuring the network diameter of a switched network· 102

Setting spanning tree timers· 103

Configuration restrictions and guidelines· 103

Configuration procedure· 103

Setting the timeout factor 104

Configuring the BPDU transmission rate· 104

Configuring edge ports· 105

Configuration restrictions and guidelines· 105

Configuration procedure· 105

Configuring path costs of ports· 105

Specifying a standard for the device to use when it calculates the default path cost 106

Configuring path costs of ports· 108

Configuration example· 108

Configuring the port priority· 109

Configuring the port link type· 109

Configuration restrictions and guidelines· 109

Configuration procedure· 110

Configuring the mode a port uses to recognize and send MSTP frames· 110

Enabling outputting port state transition information·· 111

Enabling the spanning tree feature· 111

Enabling the spanning tree feature in STP/RSTP/MSTP mode· 111

Enabling the spanning tree feature in PVST mode· 111

Performing mCheck· 112

Configuration restrictions and guidelines· 112

Performing mCheck globally· 112

Performing mCheck in interface view·· 112

Disabling inconsistent PVID protection·· 113

Configuring Digest Snooping· 113

Configuration restrictions and guidelines· 114

Configuration procedure· 114

Digest Snooping configuration example· 114

Configuring No Agreement Check· 115

Configuration prerequisites· 116

Configuration procedure· 117

No Agreement Check configuration example· 117

Configuring TC Snooping· 117

Configuration restrictions and guidelines· 118

Configuration procedure· 118

Configuring protection features· 118

Configuring BPDU guard· 119

Enabling root guard· 120

Enabling loop guard· 120

Configuring port role restriction·· 121

Configuring TC-BPDU transmission restriction·· 121

Enabling TC-BPDU guard· 122

Enabling BPDU drop· 122

Enabling PVST BPDU guard· 123

Enabling the device to log events of detecting or receiving TC BPDUs· 123

Enabling SNMP notifications for new-root election and topology change events· 123

Displaying and maintaining the spanning tree· 124

Spanning tree configuration example· 125

MSTP configuration example· 125

PVST configuration example· 128

Configuring loop detection· 132

Overview·· 132

Loop detection mechanism·· 132

Loop detection interval 133

Loop protection actions· 133

Port status auto recovery· 133

Loop detection configuration task list 134

Enabling loop detection·· 134

Enabling loop detection globally· 134

Enabling loop detection on a port 134

Setting the loop protection action·· 135

Setting the global loop protection action·· 135

Setting the loop protection action on a Layer 2 Ethernet interface· 135

Setting the loop protection action on a Layer 2 aggregate interface· 135

Setting the loop detection interval 135

Displaying and maintaining loop detection·· 136

Loop detection configuration example· 136

Network requirements· 136

Configuration procedure· 136

Verifying the configuration·· 137

Configuring VLANs· 139

Overview·· 139

VLAN frame encapsulation·· 139

Protocols and standards· 140

Configuring basic VLAN settings· 140

Configuring VLAN interfaces· 141

Configuring port-based VLANs· 142

Introduction·· 142

Assigning an access port to a VLAN·· 143

Assigning a trunk port to a VLAN·· 143

Assigning a hybrid port to a VLAN·· 144

Displaying and maintaining VLANs· 145

Port-based VLAN configuration example· 145

Network requirements· 145

Configuration procedure· 145

Verifying the configuration·· 146

Configuring VLAN mapping· 147

Overview·· 147

VLAN mapping application scenarios· 147

VLAN mapping implementations· 149

VLAN mapping configuration task list 152

Configuring one-to-one VLAN mapping· 153

Configuring one-to-two VLAN mapping· 153

Configuring zero-to-two VLAN mapping· 154

Configuring two-to-two VLAN mapping· 155

Configuring two-to-three VLAN mapping· 156

Displaying and maintaining VLAN mapping· 156

VLAN mapping configuration examples· 157

One-to-one VLAN mapping configuration example· 157

One-to-two and two-to-two VLAN mapping configuration example· 159

Configuring LLDP·· 163

Overview·· 163

Basic concepts· 163

Working mechanism·· 168

Protocols and standards· 169

LLDP configuration task list 169

Performing basic LLDP configurations· 170

Enabling LLDP·· 170

Setting the LLDP bridge mode· 170

Setting the LLDP operating mode· 171

Setting the LLDP reinitialization delay· 171

Enabling LLDP polling· 171

Configuring the advertisable TLVs· 172

Configuring the management address and its encoding format 174

Setting other LLDP parameters· 175

Setting an encapsulation format for LLDP frames· 176

Disabling LLDP PVID inconsistency check· 177

Configuring CDP compatibility· 177

Configuration prerequisites· 177

Configuration procedure· 178

Configuring DCBX·· 178

DCBX configuration task list 179

Enabling LLDP and DCBX TLV advertising· 179

Setting the DCBX version·· 180

Configuring ETS parameters· 180

Configuring PFC parameters· 182

Configuring LLDP trapping and LLDP-MED trapping· 182

Setting the source MAC address of LLDP frames· 183

Enabling the device to generate ARP or ND entries for received management address LLDP TLVs· 184

Displaying and maintaining LLDP·· 184

Basic LLDP configuration example· 185

Network requirements· 185

Configuration procedure· 185

Verifying the configuration·· 186

Configuring service loopback groups· 190

Configuration procedure· 190

Displaying and maintaining service loopback groups· 190

Service loopback group configuration example· 191

Network requirements· 191

Configuration procedure· 191

Index· 192


Configuring Ethernet interfaces

The Switch Series supports Ethernet interfaces, management Ethernet interfaces, Console interfaces, and USB interfaces. For the interface types and the number of interfaces supported by a switch model, see the installation guide.

This chapter describes how to configure management Ethernet interfaces and Ethernet interfaces.

Ethernet interface naming conventions

For a switch in an IRF fabric, its Ethernet interfaces are numbered in the format of interface type A/B/C/D. For a switch not in an IRF fabric, its Ethernet interfaces are numbered in the format of interface type B/C/D. The following definitions apply:

·          A—IRF member ID.

·          B—Slot number of the card in the switch.

·          C—Sub-slot number on a card.

·          D—Number of an interface on a card.

Configuring a management Ethernet interface

A management interface uses an RJ-45 connector. You can connect the interface to a PC for software loading and system debugging, or connect it to a remote NMS for remote system management.

To configure a management Ethernet interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter management Ethernet interface view.

interface M-GigabitEthernet interface-number

N/A

3.       (Optional.) Set the interface description.

description text

The default setting is M-GigabitEthernet0/0/0 Interface.

4.       (Optional.) Shut down the interface.

shutdown

By default, the management Ethernet interface is up.

 

 

NOTE:

Set the same speed and duplex mode for a management Ethernet interface and its peer port.

 

Configuring common Ethernet interface settings

This section describes the settings common to Layer 2 Ethernet interfaces, Layer 3 Ethernet interfaces, and Layer 3 Ethernet subinterfaces. For more information about the settings specific to Layer 2 Ethernet interfaces or subinterfaces, see "Configuring a Layer 2 Ethernet interface." For more information about the settings specific to Layer 3 Ethernet interfaces or subinterfaces, see "Configuring a Layer 3 Ethernet interface or subinterface."

Splitting a 40-GE interface and combining 10-GE breakout interfaces

Configuration restrictions and guidelines

All interfaces on the LSXM1CGQ6QGHB1, LSXM1CGQ18QGHB1, LSXM1CGQ18QGHF1, and LSXM1CGQ36HB1 interface modules can be split into four breakout interfaces.

100-GE interfaces on the LSXM1TGS48C2HB1 interface modules cannot be split into four breakout interfaces.

Interfaces numbered 1 through 4, 17 through 22, 35, and 36 on LSXM1QGS36HB1 interface modules can be split into four breakout interfaces.

Interfaces numbered 1 through 13, 16, 19, 22, 25, 28, 31, 34, 37, 40, 43, and 46 on LSXM1QGS48HB1 interface modules can be split into four breakout interfaces.

Splitting a 40-GE interface into four 10-GE breakout interfaces

As a best practice for the long-term system stabilization, reboot the device after configuration.

You can use a 40-GE interface as a single interface. To improve port density, reduce costs, and improve network flexibility, you can also split a 40-GE interface into four 10-GE breakout interfaces. For example, you can split 40-GE interface FortyGigE 1/0/1 into four 10-GE breakout interfaces Ten-GigabitEthernet 1/0/1:1 through Ten-GigabitEthernet 1/0/1:4.

A 40-GE interface split into four 10-GE breakout interfaces must use a dedicated 1-to-4 cable. For more information about the cable, see the installation guides.

The 10-GE breakout interfaces support the same configuration and attributes as common 10-GE interfaces, except that they are numbered in a different way.

After the using tengige command is successfully configured, you can view the four 10-GE breakout interfaces by using the display interface brief command.

To split a 40-GE interface into four 10-GE breakout interfaces:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter 40-GE interface view.

interface interface-type interface-number

N/A

3.       Split the 40-GE interface into four 10-GE breakout interfaces.

using tengige

By default, a 40-GE interface is not split and operates as a single interface.

 

Combining four 10-GE breakout interfaces into a 40-GE interface

As a best practice for the long-term system stabilization, reboot the device after configuration.

If you need higher bandwidth on a single interface, you can combine the four 10-GE breakout interfaces into a 40-GE interface.

After you combine the four 10-GE breakout interfaces, replace the dedicated 1-to-4 cable with a dedicated 1-to-1 cable or a 40-GE transceiver module. For more information about the cable or transceiver module, see the installation guides.

After the using fortygige command is successfully configured, you can view the 40-GE interface by using the display interface brief command.

To combine four 10-GE breakout interfaces into a 40-GE interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter the view of any 10-GE breakout interface.

interface interface-type interface-number

N/A

3.       Combine the four 10-GE breakout interfaces into a 40-GE interface.

using fortygige

By default, a 10-GE breakout interface operates as a single interface.

 

Configuring basic settings of an Ethernet interface or subinterface

You can configure an Ethernet interface to operate in one of the following duplex modes:

·          Full-duplex mode—The interface can send and receive packets simultaneously.

·          Autonegotiation mode—The interface negotiates a duplex mode with its peer.

You can set the speed of an Ethernet interface or enable it to automatically negotiate a speed with its peer.

Configuring an Ethernet interface

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Ethernet interface view.

interface interface-type interface-number

N/A

3.       Set the description for the Ethernet interface.

description text

The default setting is interface-name Interface. For example, HundredGigE1/0/1 Interface.

4.       Set the duplex mode for the Ethernet interface.

duplex { auto | full }

By default, the duplex mode is auto for Ethernet interfaces.

5.       Set the speed for the Ethernet interface.

speed { 1000 | 10000 | 40000 | 100000 | auto }

The default setting is auto for Ethernet interfaces.

Support for the keywords depends on the interface type. For more information, use the speed ? command in interface view.

6.       Set the expected bandwidth for the Ethernet interface.

bandwidth bandwidth-value

By default, the expected bandwidth (in kbps) is the interface baud rate divided by 1000.

7.       Restore the default settings for the Ethernet interface.

default

N/A

8.       Bring up the Ethernet interface.

undo shutdown

By default, Ethernet interfaces are in down state.

The loopback, shutdown, and port up-mode commands are mutually exclusive.

 

Configuring an Ethernet subinterface

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Create an Ethernet subinterface.

interface interface-type interface-number.subnumber

N/A

3.       Set the description for the Ethernet subinterface.

description text

The default setting is interface-name Interface. For example, HundredGigE1/0/1.1 Interface.

4.       Restore the default settings for the Ethernet subinterface.

default

N/A

5.       Set the expected bandwidth for the Ethernet subinterface.

bandwidth bandwidth-value

By default, the expected bandwidth (in kbps) is the interface baud rate divided by 1000.

6.       Bring up the Ethernet subinterface.

undo shutdown

By default, Ethernet subinterfaces are in down state.

The shutdown and port up-mode commands are mutually exclusive.

 

Configuring the link mode of an Ethernet interface

WARNING

CAUTION:

After you change the link mode of an Ethernet interface, all commands (except the shutdown command) on the Ethernet interface are restored to their defaults in the new link mode.

 

The interfaces on this Switch Series can operate either as Layer 2 or Layer 3 Ethernet interfaces.

You can set the link mode to bridge or route.

You might fail to change the link mode of an Ethernet interface because of conflicting configurations on the interface. To solve this problem, manually delete all configurations of the interface and change the link mode again.

To configure the link mode of an Ethernet interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Ethernet interface view.

interface interface-type interface-number

N/A

3.       Configure the link mode of the Ethernet interface.

port link-mode { bridge | route }

By default, Ethernet interfaces operate in bridge mode.

 

Configuring jumbo frame support

An Ethernet interface might receive frames larger than the standard Ethernet frame size during high-throughput data exchanges, such as file transfers. These frames are called jumbo frames.

The Ethernet interface processes jumbo frames in the following ways:

·          When the Ethernet interface is configured to deny jumbo frames, the Ethernet interface discards jumbo frames.

·          When the Ethernet interface is configured with jumbo frame support, the Ethernet interface performs the following operations:

?  Processes jumbo frames within the specified length.

?  Discards jumbo frames that exceed the specified length.

To configure jumbo frame support in interface view:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Ethernet interface view.

interface interface-type interface-number

N/A

3.       Configure jumbo frame support.

jumboframe enable [ size ]

By default, the switch allows jumbo frames within 12288 bytes to pass through all Ethernet interfaces.

 

Configuring physical state change suppression on an Ethernet interface

IMPORTANT

IMPORTANT:

Do not enable this feature on an interface that has RRPP, spanning tree protocols, or Smart Link enabled.

 

The physical link state of an Ethernet interface is either up or down. Each time the physical link of an interface comes up or goes down, the interface immediately reports the change to the CPU. The CPU then performs the following operations:

·          Notifies the upper-layer protocol modules (such as routing and forwarding modules) of the change for guiding packet forwarding.

·          Automatically generates traps and logs to inform users to take the correct actions.

To prevent frequent physical link flapping from affecting system performance, configure physical state change suppression. You can configure this feature to suppress only link-down events, only link-up events, or both. If an event of the specified type still exists when the suppression interval expires, the system reports the event.

When you configure this feature, follow these guidelines:

·          To suppress only link-down events, configure the link-delay [ msec ] delay-time command.

·          To suppress only link-up events, configure the link-delay [ msec ] delay-time mode up command.

·          To suppress both link-down and link-up events, configure the link-delay [ msec ] delay-time mode updown command.

To configure physical state change suppression on an Ethernet interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Ethernet interface view.

interface interface-type interface-number

N/A

3.       Configure physical state change suppression.

link-delay [ msec ] delay-time [ mode { up | updown }]

By default, the link-down or link-up event is immediately reported to the CPU.

If you configure this command multiple times on an Ethernet interface, the most recent configuration takes effect.

 

Configuring dampening on an Ethernet interface

The interface dampening feature uses an exponential decay mechanism to prevent excessive interface flapping events from adversely affecting routing protocols and routing tables in the network. Suppressing interface state change events protects the system resources.

If an interface is not dampened, its state changes are reported. For each state change, the system also generates an SNMP trap and log message.

After a flapping interface is dampened, it does not report its state changes to the CPU. For state change events, the interface only generates SNMP trap and log messages.

Parameters

·          Penalty—The interface has an initial penalty of 0. When the interface flaps, the penalty increases by 1000 for each down event until the ceiling is reached. It does not increase for up events. When the interface stops flapping, the penalty decreases by half each time the half-life timer expires until the penalty drops to the reuse threshold.

·          Ceiling—The penalty stops increasing when it reaches the ceiling.

·          Suppress-limit—The accumulated penalty that triggers the device to dampen the interface. In dampened state, the interface does not report its state changes to the CPU. For state change events, the interface only generates SNMP traps and log messages.

·          Reuse-limit—When the accumulated penalty decreases to this reuse threshold, the interface is not dampened. Interface state changes are reported to the upper layers. For each state change, the system also generates an SNMP trap and log message.

·          Decay—The amount of time (in seconds) after which a penalty is decreased.

·          Max-suppress-time—The maximum amount of time the interface can be dampened. If the penalty is still higher than the reuse threshold when this timer expires, the penalty stops increasing for down events. The penalty starts to decrease until it drops below the reuse threshold.

The ceiling is equal to 2(Max-suppress-time/Decay)  × reuse-limit. It is not user configurable.

Figure 1 shows the change rule of the penalty value. The lines t0 and t2 indicate the start time and end time of the suppression, respectively. The period from t0 to t2 indicates the suppression period, t0 to t1 indicates the max-suppress-time, and t1 to t2 indicates the complete decay period.

Figure 1 Change rule of the penalty value

 

Configuration restrictions and guidelines

When you configure dampening on an Ethernet interface, follow these restrictions and guidelines:

·          The dampening command and the link-delay command cannot be configured together on an interface.

·          The dampening command does not take effect on the administratively down events. When you execute the shutdown command, the penalty restores to 0, and the interface reports the down event to the upper-layer protocols.

·          Do not enable the dampening feature on an interface with RRPP, MSTP, or Smart Link enabled.

Configuration procedure

To configure dampening on an Ethernet interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Ethernet interface view.

interface interface-type interface-number

N/A

3.       Enable dampening on the interface.

dampening [ half-life reuse suppress max-suppress-time ]

By default, interface dampening is disabled on Ethernet interfaces.

 

Enabling loopback testing on an Ethernet interface

CAUTION

CAUTION:

After you enable this feature on an Ethernet interface, the interface cannot forward data traffic correctly.

 

Perform this task to determine whether an Ethernet link works correctly.

Loopback testing includes the following types:

·          Internal loopback testing—Tests the device where the Ethernet interface resides. The Ethernet interface sends outgoing packets back to the local device. If the device fails to receive the packets, the device fails.

·          External loopback testing—Tests the inter-device link. The Ethernet interface sends incoming packets back to the remote device. If the remote device fails to receive the packets, the inter-device link fails.

Configuration restrictions and guidelines

·          On an administratively shut down Ethernet interface (displayed as in ADM or Administratively DOWN state), you cannot perform an internal or external loopback test.

·          The speed, duplex, and shutdown commands are not available during a loopback test.

·          A loopback test cannot be performed on an interface configured with the port up-mode command.

·          During a loopback test, the Ethernet interface operates in full duplex mode. When a loopback test is complete, the port returns to its duplex setting..

Configuration procedure

To enable loopback testing on an Ethernet interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Ethernet interface view.

interface interface-type interface-number

N/A

3.       Enable loopback testing.

loopback { external | internal }

By default, no loopback test is performed.

 

Configuring generic flow control on an Ethernet interface

To avoid dropping packets on a link, you can enable generic flow control at both ends of the link. When traffic congestion occurs at the receiving end, the receiving end sends a flow control (Pause) frame to ask the sending end to suspend sending packets. Generic flow control includes the following types:

·          TxRx-mode generic flow control—Enabled by using the flow-control command. With TxRx-mode generic flow control enabled, an interface can both send and receive flow control frames:

?  When congestion occurs, the interface sends a flow control frame to its peer.

?  When the interface receives a flow control frame from its peer, it suspends sending packets to its peer.

·          Rx-mode generic flow control—Enabled by using the flow-control receive enable command. With Rx-mode generic flow control enabled, an interface can receive flow control frames, but it cannot send flow control frames:

?  When congestion occurs, the interface cannot send flow control frames to its peer.

?  When the interface receives a flow control frame from its peer, it suspends sending packets to its peer.

To handle unidirectional traffic congestion on a link, configure the flow-control receive enable command at one end and the flow-control command at the other end. To enable both ends of a link to handle traffic congestion, configure the flow-control command at both ends.

This feature is mutually exclusive with PFC.

To enable generic flow control on an Ethernet interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Ethernet interface view.

interface interface-type interface-number

N/A

3.       Enable generic flow control.

·         Enable TxRx-mode generic flow control:
flow-control

·         Enable Rx-mode generic flow control:
flow-control receive enable

By default, generic flow control is disabled on an Ethernet interface.

 

Configuring PFC on an Ethernet interface

When congestion occurs in the network, the local device notifies the peer to stop sending packets carrying the specified 802.1p priority if all of the following conditions exist:

·          Both the local end and the remote end have PFC enabled.

·          Both the local end and the remote end have the priority-flow-control no-drop dot1p command configured.

·          The specified 802.1p priority is in the 802.1p priority list specified by the dot1p-list argument.

·          The local end receives a packet carrying the specified 802.1p priority.

The state of the PFC feature is determined by the PFC configuration on the local end and on the peer end. In Table 1:

·          The first row lists the PFC configuration on the local interface.

·          The first column lists the PFC configuration on the peer.

·          The Enabled and Disabled fields in other cells are possible negotiation results.

Make sure all interfaces that a data flow passes through have the same PFC configuration.

Table 1 PFC configurations and negotiation results

Local (right)

Peer (below)

enable

auto

Default

enable

Enabled

Enabled.

Disabled

auto

Enabled

·         Enabled if negotiation succeeds.

·         Disabled if negotiation fails.

Disabled

Default

Disabled

Disabled.

Disabled

 

Configuration restrictions and guidelines

When you configure PFC, follow these restrictions and guidelines:

·          For IRF and other protocols to operate correctly, as a best practice, do not enable PFC for 802.1p priorities 0, 6, and 7.

·          To avoid packet loss, apply the same PFC configuration to all interfaces that the packets pass through.

·          If you do not enable PFC on an interface, the interface can receive but cannot process PFC pause frames. To make PFC take effect, you must enable PFC on both ends.

·          If you configure the flow control or flow-control receive enable command on a PFC-enabled interface, the following rules apply:

?  The PFC configuration takes effect.

?  The configuration of the flow control or flow-control receive enable command is ignored.

?  The flow control or flow-control receive enable command takes effect on the interface only when PFC is disabled on it.

·          PFC and generic flow control are mutually exclusive.

Configuration procedure

To configure PFC on an Ethernet interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Ethernet interface view.

interface interface-type interface-number

N/A

3.       Enable PFC in auto mode or forcibly on the Ethernet interface.

priority-flow-control { auto | enable }

By default, PFC is disabled.

4.       Enable PFC for 802.1p priorities.

priority-flow-control no-drop dot1p dot1p-list

By default, PFC is disabled for all 802.1p priorities.

 

Setting the statistics polling interval

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Ethernet interface view.

interface interface-type interface-number

N/A

3.       Set the statistics polling interval for the Ethernet interface.

flow-interval interval

By default, the statistics polling interval is 300 seconds.

 

To display the interface statistics collected in the last statistics polling interval, use the display interface command.

Configuring storm suppression

The storm suppression feature ensures that the size of a particular type of traffic (broadcast, multicast, or unknown unicast traffic) does not exceed the threshold on an interface. When the broadcast, multicast, or unknown unicast traffic on the interface exceeds this threshold, the system discards packets until the traffic drops below this threshold.

Both storm suppression and storm control can suppress storms on an interface. Storm suppression uses the chip to suppress traffic. Storm suppression has less impact on the device performance than storm control, which uses software to suppress traffic.

Configuration restrictions and guidelines

When you configure storm suppression, follow these restrictions and guidelines:

·          For the traffic suppression result to be determined, do not configure storm control together with storm suppression for the same type of traffic. For more information about storm control, see "Configuring storm control on an Ethernet interface."

·          When you configure the suppression threshold in kbps, the actual suppression threshold might be different from the configured one as follows:

?  If the configured value is smaller than 64, the value of 64 takes effect.

?  If the configured value is greater than 64 but not an integer multiple of 64, the integer multiple of 64 that is greater than and closest to the configured value takes effect.

For the suppression threshold that takes effect, see the prompt on the device.

Configuration procedure

To set storm suppression thresholds on an Ethernet interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Ethernet interface view.

interface interface-type interface-number

N/A

3.       Enable broadcast suppression and set the broadcast suppression threshold.

broadcast-suppression { ratio | pps max-pps | kbps max-kbps }

By default, broadcast suppression is disabled.

4.       Enable multicast suppression and set the multicast suppression threshold.

multicast-suppression { ratio | pps max-pps | kbps max-kbps }

By default, multicast suppression is disabled.

5.       Enable unknown unicast suppression and set the unknown unicast suppression threshold.

unicast-suppression { ratio | pps max-pps | kbps max-kbps }

By default, unknown unicast suppression is disabled.

 

Configuring a Layer 2 Ethernet interface

Configuring storm control on an Ethernet interface

About storm control

Storm control compares broadcast, multicast, and unknown unicast traffic regularly with their respective traffic thresholds on an Ethernet interface. For each type of traffic, storm control provides a lower threshold and an upper threshold.

Depending on your configuration, when a particular type of traffic exceeds its upper threshold, the interface performs either of the following operations:

·          Blocks this type of traffic and forwards other types of traffic—Even though the interface does not forward the blocked traffic, it still counts the traffic. When the blocked traffic drops below the lower threshold, the interface begins to forward the traffic.

·          Goes down automatically—The interface goes down automatically and stops forwarding any traffic. When the blocked traffic drops below the lower threshold, the interface does not automatically come up. To bring up the interface, use the undo shutdown command or disable the storm control feature.

You can configure an Ethernet interface to output threshold event traps and log messages when monitored traffic meets one of the following conditions:

·          Exceeds the upper threshold.

·          Drops below the lower threshold.

Both storm suppression and storm control can suppress storms on an interface. Storm suppression uses the chip to suppress traffic. Storm suppression has less impact on the device performance than storm control, which uses software to suppress traffic.

Storm control uses a complete polling cycle to collect traffic data, and analyzes the data in the next cycle. An interface takes one to two polling intervals to take a storm control action.

Configuration restrictions and guidelines

For the traffic suppression result to be determined, do not configure storm control together with storm suppression for the same type of traffic. For more information about storm suppression, see "Configuring storm suppression."

Configuration procedure

To configure storm control on an Ethernet interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       (Optional.) Set the statistics polling interval of the storm control module.

storm-constrain interval interval

The default setting is 10 seconds.

For network stability, use the default or set a longer statistics polling interval.

3.       Enter Ethernet interface view.

interface interface-type interface-number

N/A

4.       (Optional.) Enable storm control, and set the lower and upper thresholds for broadcast, multicast, or unknown unicast traffic.

storm-constrain { broadcast | multicast | unicast } { pps | kbps | ratio } max-pps-values min-pps-values

By default, storm control is disabled.

5.       Set the control action to take when monitored traffic exceeds the upper threshold.

storm-constrain control { block | shutdown }

By default, storm control is disabled.

6.       (Optional.) Enable the Ethernet interface to output log messages when it detects storm control threshold events.

storm-constrain enable log

By default, the Ethernet interface outputs log messages when monitored traffic exceeds the upper threshold or drops below the lower threshold.

7.       (Optional.) Enable the Ethernet interface to send storm control threshold event traps.

storm-constrain enable trap

By default, the Ethernet interface sends traps when monitored traffic exceeds the upper threshold or drops below the lower threshold from the upper threshold.

Forcibly bringing up a fiber port

IMPORTANT

IMPORTANT:

Copper ports do not support this feature.

 

As shown in Figure 2, a fiber port uses separate fibers for transmitting and receiving packets. The physical state of the fiber port is up only when both transmit and receive fibers are physically connected. If one of the fibers is disconnected, the fiber port does not work.

To enable a fiber port to forward traffic over a single link, you can use the port up-mode command. This command forcibly brings up a fiber port, even when no fiber links or transceiver modules are present for the fiber port. When one fiber link is present and up, the fiber port can forward packets over the link unidirectionally.

Figure 2 Forcibly bring up a fiber port

 

Configuration restrictions and guidelines

When you forcibly bring up a fiber port, follow these restrictions and guidelines:

·          The loopback, shutdown, and port up-mode commands are mutually exclusive.

·          The following operations on a fiber port will cause link updown events before the port finally stays up:

?  Configure both the port up-mode command and the speed or duplex command.

?  Install or remove fiber links or transceiver modules after you forcibly bring up the fiber port.

Configuration procedure

To forcibly bring up a fiber port:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Ethernet interface view.

interface interface-type interface-number

N/A

3.       Forcibly bring up the fiber port.

port up-mode

By default, a fiber port is not forcibly brought up, and the physical state of a fiber port depends on the physical state of the fibers.

 

Configuring a Layer 3 Ethernet interface or subinterface

Setting the MTU for an Ethernet interface or subinterface

The maximum transmission unit (MTU) of an Ethernet interface affects the fragmentation and reassembly of IP packets on the interface. Typically, you do not need to modify the MTU of an interface.

To set the MTU for an Ethernet interface or subinterface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Ethernet interface or subinterface view.

interface interface-type { interface-number | interface-number.subnumber }

N/A

3.       Set the MTU of the Ethernet interface or subinterface.

mtu size

The default setting is 1500 bytes.

 

Displaying and maintaining an Ethernet interface or subinterface

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display interface traffic statistics.

display counters { inbound | outbound } interface [ interface-type [ interface-number ] ]

Display traffic rate statistics of interfaces in up state over the last statistics polling interval.

display counters rate { inbound | outbound } interface [ interface-type [ interface-number ] ]

Display the operational and status information of the specified interfaces.

display interface [ interface-type [ interface-number | interface-number.subnumber ] ] [ brief [ description | down ] ]

Display information about dropped packets on the specified interfaces.

display packet-drop { interface [ interface-type [ interface-number | interface-number.subnumber ] ] | summary }

Display the PFC information for an interface.

display priority-flow-control interface [ interface-type [ interface-number ] ]

Display information about storm control on the specified interfaces.

display storm-constrain [ broadcast | multicast | unicast ] [ interface interface-type interface-number ]

(In standalone mode.) Display the Ethernet module statistics.

display ethernet statistics slot slot-number

(In IRF mode.) Display the Ethernet module statistics.

display ethernet statistics chassis chassis-number slot slot-number

Clear interface or subinterface statistics.

reset counters interface [ interface-type [ interface-number ] ]

Clear the statistics of dropped packets on the specified interfaces.

reset packet-drop interface [ interface-type [ interface-number ] ]

(In standalone mode.) Clear the Ethernet module statistics.

reset ethernet statistics [ slot slot-number ]

(In IRF mode.) Clear the Ethernet module statistics.

reset ethernet statistics [ chassis chassis-number slot slot-number ]

 

 


Configuring loopback, null, and inloopback interfaces

This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface.

Configuring a loopback interface

A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down. Because of this benefit, loopback interfaces are widely used in the following scenarios:

·          Configuring a loopback interface address as the source address of the IP packets that the device generates—Because loopback interface addresses are stable unicast addresses, they are usually used as device identifications.

?  When you configure a rule on an authentication or security server to permit or deny packets that a device generates, you can simplify the rule by configuring it to permit or deny packets carrying the loopback interface address that identifies the device.

?  When you use a loopback interface address as the source address of IP packets, make sure the route from the loopback interface to the peer is reachable by performing routing configuration. All data packets sent to the loopback interface are considered packets sent to the device itself, so the device does not forward these packets.

·          Using a loopback interface in dynamic routing protocols—With no router ID configured for a dynamic routing protocol, the system selects the highest loopback interface IP address as the router ID. In BGP, to avoid interruption of BGP sessions due to physical port failure, you can use a loopback interface as the source interface of BGP packets.

To configure a loopback interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Create a loopback interface and enter loopback interface view.

interface loopback interface-number

N/A

3.       Configure the interface description.

description text

The default setting is interface name Interface (for example, LoopBack1 Interface).

4.       Configure the expected bandwidth of the loopback interface.

bandwidth bandwidth-value

By default, the expected bandwidth of a loopback interface is 0 kbps.

5.       Restore the default settings for the loopback interface.

default

N/A

6.       Bring up the loopback interface.

undo shutdown

By default, a loopback interface is up.

 

Configuring a null interface

A null interface is a virtual interface and is always up, but you cannot use it to forward data packets or configure it with an IP address or link layer protocol. The null interface provides a simpler way to filter packets than ACL. You can filter undesired traffic by transmitting it to a null interface instead of applying an ACL. For example, if you specify a null interface as the next hop of a static route to a network segment, any packets routed to the network segment are dropped.

To configure a null interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter null interface view.

interface null 0

Interface Null 0 is the default null interface on the device and cannot be manually created or removed.

Only one null interface, Null 0, is supported on the device. The null interface number is always 0.

3.       Configure the interface description.

description text

The default setting is NULL0 Interface.

4.       Restore the default settings for the null interface.

default

N/A

 

Configuring an inloopback interface

An inloopback interface is a virtual interface created by the system, which cannot be configured or deleted. The physical layer and link layer protocol states of an inloopback interface are always up. All IP packets sent to an inloopback interface are considered packets sent to the device itself and are not forwarded.

Displaying and maintaining loopback, null, and inloopback interfaces

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display information about the specified or all loopback interfaces.

display interface loopback [ interface-number ] [ brief [ description | down ] ]

Display information about the null interface.

display interface null [ 0 ] [ brief [ description | down ] ]

Display information about the inloopback interface.

display interface inloopback [ 0 ] [ brief [ description | down ] ]

Clear the statistics on the specified or all loopback interfaces.

reset counters interface loopback [ interface-number ]

Clear the statistics on the null interface.

reset counters interface null [ 0 ]

 


Bulk configuring interfaces

You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can execute the shutdown command in interface range view to shut down a range of interfaces.

Configuration restrictions and guidelines

When you bulk configure interfaces in interface range view, follow these restrictions and guidelines:

·          In interface range view, only commands supported by the first interface in the specified interface list are available for configuration.

·          Before you configure an interface as the first interface in an interface range, make sure you can enter the view of the interface by using the interface interface-type { interface-number | interface-number.subnumber } command.

·          Do not assign both an aggregate interface and any of its member interfaces to an interface range. Some commands, after being executed on both an aggregate interface and its member interfaces, can break up the aggregation.

·          Understand that the more interfaces you specify in an interface range, the longer the command execution time.

·          To guarantee bulk interface configuration performance, configure fewer than 1000 interface range names.

·          After a command is executed in interface range view, one of the following situations might occur:

?  The system displays an error message and stays in interface range view. It means that the execution failed on one or multiple member interfaces.

-      If the execution failed on the first member interface, the command is not executed on any member interfaces.

-      If the execution failed on a non-first member interface, the command takes effect on the remaining member interfaces.

?  The system returns to system view. It means that:

-      The command is supported in both system view and interface view.

-      The execution failed on a member interface in interface range view and succeeded in system view.

-      The command is not executed on the subsequent member interfaces.

You can use the display this command to verify the configuration in interface view of each member interface. In addition, if the configuration in system view is not needed, use the undo form of the command to remove the configuration.

Configuration procedure

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface range view.

·         interface range { interface-type interface-number [ to interface-type interface-number ] } &<1-24>

·         interface range name name [ interface { interface-type interface-number [ to interface-type interface-number ] } &<1-24> ]

By using the interface range name command, you assign a name to an interface range and can specify this name rather than the interface range to enter the interface range view.

3.       (Optional.) Display commands available for the first interface in the interface range.

Enter a question mark (?) at the interface range prompt.

N/A

4.       Use available commands to configure the interfaces.

Available commands depend on the interface.

N/A

5.       (Optional.) Verify the configuration.

display this

N/A

 

Displaying and maintaining bulk interface configuration

Execute the display command in any view.

 

Task

Command

Display information about the interface ranges created by using the interface range name command.

display interface range [ name name ]

 


Configuring the MAC address table

Overview

An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table.

·          The device forwards the frame out of the outgoing interface in the matching entry if a match is found.

·          The device floods the frame in the VLAN of the frame if no match is found.

How a MAC address entry is created

The entries in the MAC address table include entries automatically learned by the device and entries manually added.

MAC address learning

The device can automatically populate its MAC address table by learning the source MAC addresses of incoming frames on each interface.

The device performs the following operations to learn the source MAC address of incoming packets:

1.        Checks the source MAC address (for example, MAC-SOURCE) of the frame.

2.        Looks up the source MAC address in the MAC address table.

?  The device updates the entry if an entry is found.

?  The device adds an entry for MAC-SOURCE and the incoming port if no entry is found.

When the device receives a frame destined for MAC-SOURCE after learning this source MAC address, the device performs the following operations:

3.        Finds the MAC-SOURCE entry in the MAC address table.

4.        Forwards the frame out of the port in the entry.

The device performs the learning process for each incoming frame with an unknown source MAC address until the table is fully populated.

Manually configuring MAC address entries

Dynamic MAC address learning does not distinguish between illegitimate and legitimate frames, which can invite security hazards. When Host A is connected to port A, a MAC address entry will be learned for the MAC address of Host A (for example, MAC A). When an illegal user sends frames with MAC A as the source MAC address to port B, the device performs the following operations:

1.        Learns a new MAC address entry with port B as the outgoing interface and overwrites the old entry for MAC A.

2.        Forwards frames destined for MAC A out of port B to the illegal user.

As a result, the illegal user obtains the data of Host A. To improve the security for Host A, manually configure a static entry to bind Host A to port A. Then, the frames destined for Host A are always sent out of port A. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A.

Types of MAC address entries

A MAC address table can contain the following types of entries:

·          Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one.

·          Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface. A dynamic entry might age out. A manually configured dynamic entry has the same priority as a dynamically learned one.

·          Blackhole entries—A blackhole entry is manually configured and never ages out. A blackhole entry is configured for filtering out frames with a specific source or destination MAC address. For example, to block all frames destined for or sourced from a user, you can configure the MAC address of the user as a blackhole MAC address entry. A blackhole entry has higher priority than a dynamically learned one.

·          Multiport unicast entries—A multiport unicast entry is manually added to send frames with a specific unicast destination MAC address out of multiple ports, and it never ages out. A multiport unicast entry has higher priority than a dynamically learned one.

A static, blackhole, or multiport unicast MAC address entry can overwrite a dynamic MAC address entry, but not vice versa. A static entry, a blackhole entry, and a multiport unicast entry cannot overwrite one another.

Multiport unicast MAC address entries have no impact on the MAC address learning. When receiving a frame whose source MAC address matches a multiport unicast entry, the device can still learn the MAC address of the frame and generate a dynamic entry. However, the generated dynamic entry has lower priority. The device prefers to use the multiport unicast entry to forward frames destined for the MAC address in the entry.

MAC address table configuration task list

The configuration tasks discussed in the following sections can be performed in any order.

This document covers only the configuration of unicast MAC address entries, including static, dynamic, blackhole, and multiport unicast MAC address entries. For information about configuring static multicast MAC address entries, see IP Multicast Configuration Guide.

To configure the MAC address table, perform the following tasks:

 

Tasks at a glance

(Optional.) Configuring MAC address entries

·         Adding or modifying a static or dynamic MAC address entry globally

·         Adding or modifying a static or dynamic MAC address entry on an interface

·         Adding or modifying a blackhole MAC address entry

·         Adding or modifying a multiport unicast MAC address entry

(Optional.) Disabling MAC address learning

(Optional.) Setting the aging timer for dynamic MAC address entries

(Optional.) Enabling MAC address synchronization

(Optional.) Configuring MAC address move notifications and suppression

(Optional.) Enabling ARP fast update for MAC address moves

(Optional.) Enabling MAC address learning at ingress

(Optional.) Configuring the base MAC address

(Optional.) Enabling SNMP notifications for the MAC address table

 

Configuring MAC address entries

Configuration guidelines

·          You cannot add a dynamic MAC address entry if a learned entry already exists with a different outgoing interface for the MAC address.

·          The manually configured static, blackhole, and multiport unicast MAC address entries cannot survive a reboot if you do not save the configuration. The manually configured dynamic MAC address entries are lost upon reboot whether or not you save the configuration.

A frame whose source MAC address matches different types of MAC address entries is processed differently.

 

Type

Description

Static MAC address entry

Forwards the frame according to the destination MAC address regardless of whether the frame's ingress interface is the same as that in the entry.

Multiport unicast MAC address entry

·         Learns the MAC address (MACA) of the frame and generates a dynamic MAC address entry, but the generated dynamic MAC address entry does not take effect.

·         Forwards frames destined for MACA based on the multiport unicast MAC address entry.

Blackhole MAC address entry

Drops the frame.

Dynamic MAC address entry

·         Learns the MAC address of the frames received on a different interface from that in the entry and overwrites the original entry.

·         Forwards the frame received on the same interface as that in the entry and updates the aging timer for the entry.

 

Adding or modifying a static or dynamic MAC address entry globally

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Add or modify a static or dynamic MAC address entry.

mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id

By default, no MAC address entry is configured globally.

Make sure you have created the VLAN and assigned the interface to the VLAN.

 

Adding or modifying a static or dynamic MAC address entry on an interface

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

·         Enter Layer 2 Ethernet interface view:
interface interface-type interface-number

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

N/A

3.       Add or modify a static or dynamic MAC address entry.

mac-address { dynamic | static } mac-address vlan vlan-id

By default, no MAC address entry is configured on the interface.

Make sure you have created the VLAN and assigned the interface to the VLAN.

 

Adding or modifying a blackhole MAC address entry

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Add or modify a blackhole MAC address entry.

mac-address blackhole mac-address vlan vlan-id

By default, no blackhole MAC address entry is configured.

Make sure you have created the VLAN.

 

Adding or modifying a multiport unicast MAC address entry

You can configure a multiport unicast MAC address entry to associate a unicast destination MAC address with multiple ports. The frame with a destination MAC address matching the entry is sent out of multiple ports.

For example, in NLB unicast mode (see Figure 3):

·          All servers within a cluster uses the cluster's MAC address as their own address.

·          Frames destined for the cluster are forwarded to every server in the group.

In this case, you can configure a multiport unicast MAC address entry on the device connected to the server group. Then, the device forwards the frame destined for the server group to every server through all ports connected to the servers within the cluster.

Figure 3 NLB cluster

 

You can configure a multiport unicast MAC address entry globally or on an interface.

Configuring a multiport unicast MAC address entry globally

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Add or modify a multiport unicast MAC address entry.

mac-address multiport mac-address interface interface-list vlan vlan-id

By default, no multiport unicast MAC address entry is configured globally.

Make sure you have created the VLAN and assigned the interface to the VLAN.

 

Configuring a multiport unicast MAC address entry on an interface

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

·         Enter Layer 2 Ethernet interface view:
interface interface-type interface-number

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

N/A

3.       Add the interface to a multiport unicast MAC address entry.

mac-address multiport mac-address vlan vlan-id

By default, no multiport unicast MAC address entry is configured on the interface.

Make sure you have created the VLAN and assigned the interface to the VLAN.

 

Disabling MAC address learning

MAC address learning is enabled by default. To prevent the MAC address table from being saturated when the device is experiencing attacks, disable MAC address learning. For example, you can disable MAC address learning to prevent the device from being attacked by a large amount of frames with different source MAC addresses.

After MAC address learning is disabled, the device immediately deletes existing dynamic MAC address entries.

Disabling global MAC address learning

Global MAC address learning does not take effect on a VXLAN VSI. For information about VXLAN VSIs, see VXLAN Configuration Guide.

To disable global MAC address learning:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Disable global MAC address learning.

undo mac-address mac-learning enable

By default, global MAC address learning is enabled.

 

Disabling MAC address learning on interfaces

When global MAC address learning is enabled, you can disable MAC address learning on a single interface.

To disable MAC address learning on an interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

·         Enter Layer 2 Ethernet interface view:
interface interface-type interface-number

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

N/A

3.       Disable MAC address learning on the interface.

undo mac-address mac-learning enable

By default, MAC address learning on the interface is enabled.

 

Setting the aging timer for dynamic MAC address entries

For security and efficient use of table space, the MAC address table uses an aging timer for each dynamic MAC address entry. If a dynamic MAC address entry is not updated before the aging timer expires, the device deletes the entry. This aging mechanism ensures that the MAC address table can promptly update to accommodate latest network topology changes.

A stable network requires a longer aging interval, and an unstable network requires a shorter aging interval.

An aging interval that is too long might cause the MAC address table to retain outdated entries. As a result, the MAC address table resources might be exhausted, and the MAC address table might fail to update its entries to accommodate the latest network changes.

An interval that is too short might result in removal of valid entries, which would cause unnecessary floods and possibly affect the device performance.

To reduce floods on a stable network, set a long aging timer or disable the timer to prevent dynamic entries from unnecessarily aging out. Reducing floods improves the network performance. Reducing flooding also improves the security because it reduces the chances for a data frame to reach unintended destinations.

To set the aging timer for dynamic MAC address entries:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Set the aging timer for dynamic MAC address entries.

mac-address timer { aging seconds | no-aging }

The default setting is 300 seconds.

The no-aging keyword disables the aging timer.

 

Enabling MAC address synchronization

To avoid unnecessary floods and improve forwarding speed, make sure all cards have the same MAC address table. After you enable MAC address synchronization, each card advertises learned MAC address entries to other cards. After you enable MAC address synchronization on an IRF fabric, each card advertises learned MAC address entries to other cards of all member devices.

As shown in Figure 4:

·          Device A and Device B form an IRF fabric enabled with MAC address synchronization.

·          Device A and Device B connect to AP C and AP D, respectively.

When Client A associates with AP C, Device A learns a MAC address entry for Client A and advertises it to Device B.

Figure 4 MAC address tables of devices when Client A accesses AP C

 

When Client A roams to AP D, Device B learns a MAC address entry for Client A. Device B advertises it to Device A to ensure service continuity for Client A, as shown in Figure 5.

Figure 5 MAC address tables of devices when Client A roams to AP D

 

To enable MAC address synchronization:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enable MAC address synchronization.

mac-address mac-roaming enable

By default, MAC address synchronization is disabled.

 

Configuring MAC address move notifications and suppression

The outgoing interface for a MAC address entry learned on interface A is changed to interface B when the following conditions exist:

·          Interface B receives a packet with the MAC address as the source MAC address.

·          Interface B belongs to the same VLAN as interface A.

In this case, the MAC address is moved from interface A to interface B, and a MAC address move occurs.

The MAC address move notifications feature enables the device to output MAC address move logs when MAC address moves are detected.

If a MAC address is continuously moved between the two interfaces, Layer 2 loops might occur. To detect and locate loops, you can view the MAC address move information. To display the MAC address move records after the device is started, use the display mac-address mac-move command.

If the system detects that MAC address moves occur frequently on an interface, you can configure MAC address move suppression to shut the interface down. The interface automatically goes up after a suppression interval. Or, you can manually bring up the interface.

The MAC address move suppression feature must work with the ARP fast update for MAC address moves feature. For information about ARP fast update for MAC address moves, see "Enabling ARP fast update for MAC address moves."

To configure MAC address move notifications and MAC address move suppression:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enable MAC address move notifications and optionally specify a MAC move detection interval.

mac-address notification mac-move [ interval interval ]

By default, MAC address move notifications are disabled.

If you do not specify a detection interval, the default setting of 1 minute is used.

After you execute this command, the system sends only log messages to the information center module. If the device is also configured with the snmp-agent trap enable mac-address command, the system also sends SNMP notifications to the SNMP module.

3.       (Optional.) Set MAC address move suppression parameters.

mac-address notification mac-move suppression { interval interval | threshold threshold }

By default, the suppression interval is 30 seconds, and the suppression threshold is 3.

4.       Enter interface view.

·         Enter Layer 2 Ethernet interface view:
interface interface-type interface-number

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

N/A

5.       Enable MAC address move suppression.

mac-address notification mac-move suppression

By default, MAC address move suppression is disabled.

6.       Return to system view.

quit

N/A

7.       Enable ARP fast update for MAC address moves.

mac-address mac-move fast-update

By default, ARP fast update for MAC address moves is disabled.

 

Enabling ARP fast update for MAC address moves

ARP fast update for MAC address moves allows the device to update an ARP entry immediately after the outgoing interface for a MAC address changes. This feature ensures data connection without interruption.

As shown in Figure 6, a mobile user laptop accesses the network by connecting to AP 1 or AP 2. When the AP to which the user connects changes, the switch updates the ARP entry for the user immediately after it detects a MAC address move.

Figure 6 ARP fast update application scenario

To enable ARP fast update for MAC address moves:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enable ARP fast update for MAC address moves.

mac-address mac-move fast-update

By default, ARP fast update for MAC address moves is disabled.

 

Enabling MAC address learning at ingress

The device can learn the source MAC address of a packet when it receives the packet or when it sends out the packet.

Some devices learn MAC address at egress. The devices cannot learn MAC addresses if no egress interfaces correspond to received packets. To avoid unnecessary broadcast traffic, enable MAC address learning at ingress on the devices. The devices then can learn the source MAC address at ingress before a packet is forwarded.

To enable MAC address learning at ingress:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enable MAC address learning at ingress.

mac-address mac-learning ingress

By default, the device learns MAC addresses at egress.

 

Configuring the base MAC address

The base MAC address is the start MAC address of the 90 consecutive MAC addresses that are reserved for system use. The base MAC address determines the higher 36 bits of the reserved MAC addresses and the MAC addresses that can be assigned to Layer 3 interfaces.

When you configure the base MAC address, make sure the base MAC address plus 90 (decimal) produces a MAC address that has the same higher 36 bits. When you assign a MAC address to a Layer 3 interface, make sure the following requirements are met:

·          The MAC address must have the same higher 36 bits as the base MAC address.

·          The MAC address must be no lower than the base MAC address plus 90 (decimal).

To configure the base MAC address:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Configure the base MAC address.

routing-interface base-mac mac-address

By default, no base MAC address exists.

 

Enabling SNMP notifications for the MAC address table

To report critical MAC address move events to an NMS, enable SNMP notifications for the MAC address table. For MAC address move event notifications to be sent correctly, you must also configure SNMP on the device.

When SNMP notifications are disabled for the MAC address table, the device sends the generated logs to the information center. To display the logs, configure the log destination and output rule configuration in the information center.

For more information about SNMP and information center configuration, see the network management and monitoring configuration guide for the device.

To enable SNMP notifications for the MAC address table:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enable SNMP notifications for the MAC address table.

snmp-agent trap enable mac-address [ mac-move ]

By default, SNMP notifications are enabled for the MAC address table.

When SNMP notifications are disabled for the MAC address table, syslog messages are sent to notify important events on the MAC address table module.

 

Displaying and maintaining the MAC address table

Execute display commands in any view.

 

Task

Command

Display MAC address table information.

display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole | multiport ] [ vlan vlan-id ] [ count ] ]

Display the aging timer for dynamic MAC address entries.

display mac-address aging-time

Display the system or interface MAC address learning state.

display mac-address mac-learning [ interface interface-type interface-number ]

Display MAC address statistics.

display mac-address statistics

(In standalone mode.) Display the MAC address move records.

display mac-address mac-move [ slot slot-number ]

(In IRF mode.) Display the MAC address move records.

display mac-address mac-move [ chassis chassis-number slot slot-number ]

 

MAC address table configuration example

Network requirements

As shown in Figure 7:

·          Host A at MAC address 000f-e235-dc71 is connected to HundredGigE 1/0/1 of Device and belongs to VLAN 1.

·          Host B at MAC address 000f-e235-abcd, which behaved suspiciously on the network, also belongs to VLAN 1.

Configure the MAC address table as follows:

·          To prevent MAC address spoofing, add a static entry for Host A in the MAC address table of Device.

·          To drop all frames destined for Host B, add a blackhole MAC address entry for Host B.

·          Set the aging timer to 500 seconds for dynamic MAC address entries.

Figure 7 Network diagram

Configuration procedure

# Add a static MAC address entry for MAC address 000f-e235-dc71 on HundredGigE 1/0/1 that belongs to VLAN 1.

<Device> system-view

[Device] mac-address static 000f-e235-dc71 interface hundredgige 1/0/1 vlan 1

# Add a blackhole MAC address entry for MAC address 000f-e235-abcd that belongs to VLAN 1.

[Device] mac-address blackhole 000f-e235-abcd vlan 1

# Set the aging timer to 500 seconds for dynamic MAC address entries.

[Device] mac-address timer aging 500

Verifying the configuration

# Display the static MAC address entries for HundredGigE 1/0/1.

[Device] display mac-address static interface hundredgige 1/0/1

MAC Address      VLAN ID    State            Port/NickName            Aging

000f-e235-dc71   1          Static           HGE1/0/1                 N

# Display the blackhole MAC address entries.

[Device] display mac-address blackhole

MAC Address      VLAN ID    State            Port/NickName            Aging

000f-e235-abcd   1          Blackhole        N/A                      N

# Display the aging time of dynamic MAC address entries.

[Device] display mac-address aging-time

MAC address aging time: 500s.

 


Configuring MAC Information

The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor user's leaving or joining the network and analyze network traffic.

The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue. The device overwrites the oldest MAC address change written into the queue with the most recent MAC address change when the following conditions exist:

·          The MAC change notification interval does not expire.

·          The queue has been exhausted.

To send a syslog message or SNMP notification immediately after it is created, set the queue length to zero.

Enabling MAC Information

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enable MAC Information globally.

mac-address information enable

By default, MAC Information is globally disabled.

3.       Enter Layer 2 Ethernet interface view.

interface interface-type interface-number

N/A

4.       Enable MAC Information on the interface.

mac-address information enable { added | deleted }

By default, MAC Information is disabled on the interface.

Make sure you have enabled MAC Information globally before you enable it on the interface.

 

Configuring the MAC Information mode

The following MAC Information modes are available for sending MAC address changes:

·          Syslog—The device sends syslog messages to notify MAC address changes. The device sends syslog messages to the information center, which then outputs them to the monitoring terminal. For more information about information center, see Network Management and Monitoring Configuration Guide.

·          Trap—The device sends SNMP notifications to notify MAC address changes. The device sends SNMP notifications to the NMS. For more information about SNMP, see Network Management and Monitoring Configuration Guide.

To configure the MAC Information mode:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Configure the MAC Information mode.

mac-address information mode { syslog | trap }

The default setting is trap.

 

Setting the MAC change notification interval

To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC change notification interval to a larger value.

To set the MAC change notification interval:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Set the MAC change notification interval.

mac-address information interval interval

The default setting is 1 second.

 

Setting the MAC Information queue length

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Set the MAC Information queue length.

mac-address information queue-length value

The default setting is 50.

 

MAC Information configuration example

Network requirements

Enable MAC Information on HundredGigE 1/0/1 on Device in Figure 8 to send MAC address changes in syslog messages to the log host, Host B, through interface HundredGigE 1/0/2.

Figure 8 Network diagram

Configuration restrictions and guidelines

When you edit the file /etc/syslog.conf, follow these restrictions and guidelines:

·          Comments must be on a separate line and must begin with a pound sign (#).

·          No redundant spaces are allowed after the file name.

·          The logging facility name and the severity level specified in the /etc/syslog.conf file must be the same as those configured on the device. Otherwise, the log information might not be output correctly to the log host. The logging facility name and the severity level are configured by using the info-center loghost and info-center source commands, respectively.

Configuration procedure

1.        Configure Device to send syslog messages to Host B:

# Enable the information center.

<Device> system-view

[Device] info-center enable

# Specify the log host 192.168.1.2/24 and specify local4 as the logging facility.

[Device] info-center loghost 192.168.1.2 facility local4

# Disable log output to the log host.

[Device] info-center source default loghost deny

To avoid output of unnecessary information, disable all modules from outputting logs to the specified destination (loghost, in this example) before you configure an output rule.

# Configure an output rule to output to the log host MAC address logs that have a severity level no lower than informational.

[Device] info-center source mac loghost level informational

2.        Configure the log host, Host B:

Configure Solaris as follows. Configure other UNIX operating systems in the same way Solaris is configured.

a.    Log in to the log host as a root user.

b.    Create a subdirectory named Device in directory /var/log/.

# mkdir /var/log/Device

c.    Create file info.log in the Device directory to save logs from Device.

# touch /var/log/Device/info.log

d.    Edit the file syslog.conf in directory /etc/ and add the following contents:

# Device configuration messages

local4.info /var/log/Device/info.log

In this configuration, local4 is the name of the logging facility that the log host uses to receive logs, and info is the informational level. The UNIX system records the log information that has a severity level no lower than informational to the file /var/log/Device/info.log.

e.    Display the process ID of syslogd, end the syslogd process, and then restart syslogd using the –r option to make the new configuration take effect.

# ps -ae | grep syslogd

147

# kill -HUP 147

# syslogd -r &

The device can output MAC address logs to the log host, which stores the logs to the specified file.

3.        Enable MAC Information on Device:

# Enable MAC Information globally.

[Device] mac-address information enable

# Configure the MAC Information mode as syslog.

[Device] mac-address information mode syslog

# Enable MAC Information on HundredGigE 1/0/1 to enable the port to record MAC address change information when the interface performs either of the following operations:

?  Learns a new MAC address.

?  Deletes an existing MAC address.

[Device] interface hundredgige 1/0/1

[Device-HundredGigE1/0/1] mac-address information enable added

[Device-HundredGigE1/0/1] mac-address information enable deleted

[Device-HundredGigE1/0/1] quit

# Set the MAC Information queue length to 100.

[Device] mac-address information queue-length 100

# Set the MAC change notification interval to 20 seconds.

[Device] mac-address information interval 20

 


Configuring Ethernet link aggregation

Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link.

Link aggregation has the following benefits:

·          Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.

·          Improved link reliability. The member ports dynamically back up one another. When a member port fails, its traffic is automatically switched to other member ports.

As shown in Figure 9, Device A and Device B are connected by three physical Ethernet links. These physical Ethernet links are combined into an aggregate link called link aggregation 1. The bandwidth of this aggregate link can reach up to the total bandwidth of the three physical Ethernet links. At the same time, the three Ethernet links back up one another. When a physical Ethernet link fails, the traffic previously transmitted on the failed link is switched to the other two links.

Figure 9 Ethernet link aggregation diagram

Basic concepts

Aggregation group, member port, and aggregate interface

An aggregation group is a group of Ethernet interfaces bundled together. These Ethernet interfaces are called member ports of the aggregation group. Each aggregation group has a corresponding logical interface called an aggregate interface.

When an aggregate interface is created, the device automatically creates an aggregation group of the same type and number as the aggregate interface.

An aggregate interface can be one of the following types:

·          Layer 2—A Layer 2 aggregate interface is created manually. The member ports of the corresponding Layer 2 aggregation group can only be Layer 2 Ethernet interfaces.

·          Layer 3—A Layer 3 aggregate interface is created manually. The member ports of the corresponding Layer 3 aggregation group can only be Layer 3 Ethernet interfaces.

On a Layer 3 aggregate interface, you can create subinterfaces.

The port rate of an aggregate interface equals the total rate of its Selected member ports. Its duplex mode is the same as that of the Selected member ports. For more information about Selected member ports, see "Aggregation states of member ports in an aggregation group."

Aggregation states of member ports in an aggregation group

A member port in an aggregation group can be in any of the following aggregation states:

·          Selected—A Selected port can forward traffic.

·          Unselected—An Unselected port cannot forward traffic.

·          Individual—An Individual port can forward traffic as a normal physical port. A port is placed in the Individual state when the following conditions exist:

?  Its aggregate interface is configured as an edge aggregate interface.

?  The port has not received Link Aggregation Control Protocol Data Units (LACPDUs) from its peer port.

Operational key

When aggregating ports, the system automatically assigns each port an operational key based on port information, such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key.

In an aggregation group, all Selected ports have the same operational key.

Configuration types

Port configurations include attribute configurations and protocol configurations. Attribute configurations of a link aggregation member port affect its aggregation state.

·          Attribute configurations—To become a Selected port, a member port must have the same attribute configurations as the aggregate interface. Table 2 describes the attribute configurations.

Attribute configuration changes on an aggregate interface are automatically synchronized to all member ports. If the device fails to synchronize the changes to a Selected port, the port might become Unselected. For the port to become Selected again, you can modify the attribute configurations on the aggregate interface or the port. The synchronization failure does not affect the attribute configuration changes made on the aggregate interface. The configurations that have been synchronized from the aggregate interface are retained on the member ports even after the aggregate interface is deleted.

Any attribute configuration change on a member port might affect the aggregation states and running services of the member ports. The system displays a warning message every time you try to change an attribute configuration setting on a member port.

Table 2 Attribute configurations

Feature

Considerations

Port isolation

Indicates whether the port has joined an isolation group and which isolation group the port belongs to.

VLAN mapping

VLAN mapping configured on the port. For more information about VLAN mapping, see "Configuring VLAN mapping."

VLAN

VLAN attribute configurations include the following:

·         Permitted VLAN IDs.

·         PVID.

·         Link type (trunk, hybrid, or access).

·         VLAN tagging mode.

For information about VLANs, see "Configuring VLANs."

 

·          Protocol configurations—Protocol configurations of a member port do not affect the aggregation state of the member port. MAC address learning and spanning tree settings are examples of protocol configurations.

 

 

NOTE:

·      The protocol configurations for an aggregate interface take effect only on the current aggregate interface.

·      The protocol configurations for a member port take effect only when the port leaves its aggregation group.

 

Link aggregation modes

An aggregation group operates in one of the following modes:

·          Static—Static aggregation is stable. An aggregation group in static mode is called a static aggregation group. The aggregation states of the member ports in a static aggregation group are not affected by the peer ports.

·          Dynamic—An aggregation group in dynamic mode is called a dynamic aggregation group. The local system and the peer system automatically maintain the aggregation states of the member ports. Dynamic link aggregation reduces the administrators' workload.

Aggregating links in static mode

Choosing a reference port

When setting the aggregation states of the ports in an aggregation group, the system automatically chooses a member port as the reference port. A Selected port must have the same operational key and attribute configurations as the reference port.

The system chooses a reference port from the member ports in up state.

The candidate reference ports are organized into different priority levels following these rules:

1.        In descending order of port priority.

2.        Full duplex.

3.        In descending order of speed.

4.        Half duplex.

5.        In descending order of speed.

From the candidate ports with the same attribute configurations as the aggregate interface, the one with the highest priority level is chosen as the reference port.

·          If multiple ports have the same priority level, the port that has been Selected (if any) is chosen. If multiple ports with the same priority level have been Selected, the one with the smallest port number is chosen.

·          If multiple ports have the same priority level and none of them has been Selected, the port with the smallest port number is chosen.

Setting the aggregation state of each member port

After the reference port is chosen, the system sets the aggregation state of each member port in the static aggregation group.

Figure 10 Setting the aggregation state of a member port in a static aggregation group

 

After the limit on Selected ports is reached, the aggregation state of a new member port varies by following conditions:

·          The port is placed in Unselected state if the port and the Selected ports have the same port priority. This mechanism prevents traffic interruption on the existing Selected ports. A device reboot can cause the device to recalculate the aggregation states of member ports.

·          The port is placed in Selected state when the following conditions are met:

?  The port and the Selected ports have different port priorities, and the port has a higher port priority than a minimum of one Selected port.

?  The port has the same attribute configurations as the aggregate interface.

Any operational key or attribute configuration change might affect the aggregation states of link aggregation member ports.

Aggregating links in dynamic mode

Dynamic aggregation is implemented through IEEE 802.3ad Link Aggregation Control Protocol (LACP).

LACP

LACP uses LACPDUs to exchange aggregation information between LACP-enabled devices. Each member port in a dynamic aggregation group can exchange information with its peer. When a member port receives an LACPDU, it compares the received information with information received on the other member ports. In this way, the two systems reach an agreement on which ports are placed in Selected state.

LACP functions

LACP offers basic LACP functions and extended LACP functions, as described in Table 3.

Table 3 Basic and extended LACP functions

Category

Description

Basic LACP functions

Implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port priority, port number, and operational key.

Extended LACP functions

Implemented by extending the LACPDU with new TLV fields. Extended LACP can implement LACP MAD for the IRF feature.

The switch series can participate in LACP MAD as either an IRF member device or an intermediate device.

For more information about IRF and the LACP MAD mechanism, see IRF Configuration Guide.

 

LACP operating modes

LACP can operate in active or passive mode.

When LACP is operating in passive mode on a local member port and its peer port, both ports cannot send LACPDUs. When LACP is operating in active mode on either end of a link, both ports can send LACPDUs.

LACP priorities

LACP priorities include system LACP priority and port priority, as described in Table 4. The smaller the priority value, the higher the priority.

Table 4 LACP priorities

Type

Description

System LACP priority

Used by two peer devices (or systems) to determine which one is superior in link aggregation.

In dynamic link aggregation, the system that has higher system LACP priority sets the Selected state of member ports on its side. The system that has lower priority sets the aggregation state of local member ports the same as their respective peer ports.

Port priority

Determines the likelihood of a member port to be a Selected port on a system. A port with a higher port priority is more likely to become Selected.

 

LACP timeout interval

The LACP timeout interval specifies how long a member port waits to receive LACPDUs from the peer port. If a local member port has not received LACPDUs from the peer within the LACP timeout interval, the member port considers the peer as failed.

The LACP timeout interval also determines the LACPDU sending rate of the peer. LACP timeout intervals include the following types:

·          Short timeout interval—3 seconds. If you use the short timeout interval, the peer sends one LACPDU per second.

·          Long timeout interval—90 seconds. If you use the long timeout interval, the peer sends one LACPDU every 30 seconds.

How dynamic link aggregation works

Choosing a reference port

The system chooses a reference port from the member ports in up state. A Selected port must have the same operational key and attribute configurations as the reference port.

The local system (the actor) and the peer system (the partner) negotiate a reference port by using the following workflow:

1.        The two systems determine the system with the smaller system ID.

A system ID contains the system LACP priority and the system MAC address.

a.    The two systems compare their LACP priority values.

The lower the LACP priority, the smaller the system ID. If the LACP priority values are the same, the two systems proceed to step b.

b.    The two systems compare their MAC addresses.

The lower the MAC address, the smaller the system ID.

2.        The system with the smaller system ID chooses the port with the smallest port ID as the reference port.

A port ID contains a port priority and a port number. The lower the port priority, the smaller the port ID.

a.    The system chooses the port with the lowest priority value as the reference port.

If the ports have the same priority, the system proceeds to step b.

b.    The system compares their port numbers.

The smaller the port number, the smaller the port ID.

The port with the smallest port number and the same attribute configurations as the aggregate interface is chosen as the reference port.

Setting the aggregation state of each member port

After the reference port is chosen, the system with the smaller system ID sets the state of each member port on its side.

Figure 11 Setting the state of a member port in a dynamic aggregation group

 

 

The system with the greater system ID can detect the aggregation state changes on the peer system. The system with the greater system ID sets the aggregation state of local member ports the same as their peer ports.

When you aggregate interfaces in dynamic mode, follow these guidelines:

·          A dynamic link aggregation group chooses only full-duplex ports as the Selected ports.

·          For stable aggregation and service continuity, do not change the operational key or attribute configurations on any member port.

·          After the Selected port limit is reached, a newly joining port becomes a Selected port if it is more eligible than a current Selected port.

Edge aggregate interface

Dynamic link aggregation fails on a server-facing aggregate interface if dynamic link aggregation is configured only on the device. The device forwards traffic by using only one of the physical ports that are connected to the server.

To improve link reliability, configure the aggregate interface as an edge aggregate interface. This feature enables all member ports of the aggregation group to forward traffic. When a member port fails, its traffic is automatically switched to other member ports.

After dynamic link aggregation is configured on the server, the device can receive LACPDUs from the server. Then, link aggregation between the device and the server operates correctly.

An edge aggregate interface takes effect only when it is configured on an aggregate interface corresponding to a dynamic aggregation group.

Load sharing modes for link aggregation groups

In a link aggregation group, traffic can be load shared across the Selected ports based on any of the following modes:

·          Per-flow load sharing—Load shares traffic on a per-flow basis. The load sharing mode classifies packets into flows and forwards packets of the same flow on the same link. This mode can be one or any combination of the following traffic classification criteria:

?  Ingress port.

?  Source or destination IP address.

?  Source or destination MAC address.

?  Source or destination port number.

?  Protocol number.

·          Per-packet load sharing—Load shares traffic on a per-packet basis.

Ethernet link aggregation configuration task list

Tasks at a glance

(Required.) Configuring an aggregation group:

·         Configuring a Layer 2 aggregation group

·         Configuring a Layer 3 aggregation group

(Optional.) Configuring an aggregate interface:

·         Configuring the description of an aggregate interface

·         Setting the MAC address for an aggregate interface

·         Specifying ignored VLANs for a Layer 2 aggregate interface

·         Setting the MTU for a Layer 3 aggregate interface

·         Setting the minimum and maximum numbers of Selected ports for an aggregation group

·         Setting the expected bandwidth for an aggregate interface

·         Configuring an edge aggregate interface

·         Enabling BFD for an aggregation group

·         Shutting down an aggregate interface

·         Restoring the default settings for an aggregate interface

(Optional.) Configuring load sharing for link aggregation groups:

·         Setting load sharing modes for link aggregation groups

·         Enabling local-first load sharing for link aggregation

·         Configuring link aggregation load sharing algorithm settings

(Optional.) Enabling link-aggregation traffic redirection

(Optional.) Configuring the link aggregation capability for the device

 

Configuring an aggregation group

This section explains how to configure an aggregation group.

Configuration restrictions and guidelines

When you configure an aggregation group, follow these restrictions and guidelines:

·          Do not assign a reflector port for port mirroring to an aggregation group. For more information about reflector ports, see Network Management and Monitoring Configuration Guide.

·          Deleting an aggregate interface also deletes its aggregation group and causes all member ports to leave the aggregation group.

·          You must configure the same aggregation mode on the two ends of an aggregate link.

·          For a successful static aggregation, make sure the ports at both ends of each link are in the same aggregation state.

·          For a successful dynamic aggregation, make sure the peer ports of the ports aggregated at one end are also aggregated. The two ends can automatically negotiate the aggregation state of each member port.

Configuring a Layer 2 aggregation group

Configuring a Layer 2 static aggregation group

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Create a Layer 2 aggregate interface and enter Layer 2 aggregate interface view.

interface bridge-aggregation interface-number

When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 static aggregation group numbered the same.

3.       Exit to system view.

quit

N/A

4.       Assign an interface to the specified Layer 2 aggregation group.

a         Enter Layer 2 Ethernet interface view:
interface interface-type interface-number

b        Assign the interface to the specified Layer 2 aggregation group:
port link-aggregation group group-id

Repeat these two substeps to assign more Layer 2 Ethernet interfaces to the aggregation group.

5.       (Optional.) Set the port priority for the interface.

link-aggregation port-priority priority

The default port priority of an interface is 32768.

 

Configuring a Layer 2 dynamic aggregation group

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Set the system LACP priority.

lacp system-priority priority

By default, the system LACP priority is 32768.

Changing the system LACP priority might affect the aggregation states of the ports in a dynamic aggregation group.

3.       Create a Layer 2 aggregate interface and enter Layer 2 aggregate interface view.

interface bridge-aggregation interface-number

When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 static aggregation group numbered the same.

4.       Configure the aggregation group to operate in dynamic mode.

link-aggregation mode dynamic

By default, an aggregation group operates in static mode.

5.       Exit to system view.

quit

N/A

6.       Assign an interface to the specified Layer 2 aggregation group.

a         Enter Layer 2 Ethernet interface view:
interface interface-type interface-number

b        Assign the interface to the specified Layer 2 aggregation group:
port link-aggregation group group-id

Repeat these two substeps to assign more Layer 2 Ethernet interfaces to the aggregation group.

7.       Set the LACP operating mode for the interface.

·         Set the LACP operating mode to passive:
lacp mode passive

·         Set the LACP operating mode to active:
undo lacp mode

By default, LACP is operating in active mode.

8.       Set the port priority for the interface.

link-aggregation port-priority priority

The default setting is 32768.

9.       Set the short LACP timeout interval (3 seconds) for the interface.

lacp period short

By default, the long LACP timeout interval (90 seconds) is used by the interface.

To avoid traffic interruption during an ISSU, do not set the short LACP timeout interval before performing the ISSU. For more information about ISSU, see Fundamentals Configuration Guide.

 

Configuring a Layer 3 aggregation group

Configuring a Layer 3 static aggregation group

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Create a Layer 3 aggregate interface and enter Layer 3 aggregate interface view.

interface route-aggregation interface-number

When you create a Layer 3 aggregate interface, the system automatically creates a Layer 3 static aggregation group numbered the same.

3.       Exit to system view.

quit

N/A

4.       Assign an interface to the specified Layer 3 aggregation group.

a         Enter Layer 3 Ethernet interface view:
interface interface-type interface-number

b        Assign the interface to the specified Layer 3 aggregation group:
port link-aggregation group group-id

Repeat these two substeps to assign more Layer 3 Ethernet interfaces to the aggregation group.

5.       (Optional.) Set the port priority for the interface.

link-aggregation port-priority priority

The default port priority of an interface is 32768.

 

Configuring a Layer 3 dynamic aggregation group

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Set the system LACP priority.

lacp system-priority priority

By default, the system LACP priority is 32768.

Changing the system LACP priority might affect the aggregation states of the ports in the dynamic aggregation group.

3.       Create a Layer 3 aggregate interface and enter Layer 3 aggregate interface view.

interface route-aggregation interface-number

When you create a Layer 3 aggregate interface, the system automatically creates a Layer 3 static aggregation group numbered the same.

4.       Configure the aggregation group to operate in dynamic mode.

link-aggregation mode dynamic

By default, an aggregation group operates in static mode.

5.       Exit to system view.

quit

N/A

6.       Assign an interface to the specified Layer 3 aggregation group.

a         Enter Layer 3 Ethernet interface view:
interface interface-type interface-number

b        Assign the interface to the specified Layer 3 aggregation group:
port link-aggregation group group-id

Repeat these two substeps to assign more Layer 3 Ethernet interfaces to the aggregation group.

7.       Set the LACP operating mode for the interface.

·         Set the LACP operating mode to passive:
lacp mode passive

·         Set the LACP operating mode to active:
undo lacp mode

By default, LACP is operating in active mode.

8.       Set the port priority for the interface.

link-aggregation port-priority priority

The default setting is 32768.

9.       Set the short LACP timeout interval (3 seconds) for the interface.

lacp period short

By default, the long LACP timeout interval (90 seconds) is used by the interface.

To avoid traffic interruption during an ISSU, do not set the short LACP timeout interval before performing the ISSU. For more information about ISSU, see Fundamentals Configuration Guide.

 

Configuring an aggregate interface

Most configurations that can be made on Layer 2 or Layer 3 Ethernet interfaces can also be made on Layer 2 or Layer 3 aggregate interfaces.

Configuring the description of an aggregate interface

You can configure the description of an aggregate interface for administration purposes, for example, describing the purpose of the interface.

To configure the description of an aggregate interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter aggregate interface or subinterface view.

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

·         Enter Layer 3 aggregate interface or subinterface view:
interface route-aggregation { interface-number | interface-number.subnumber }

N/A

3.       Configure the description of the aggregate interface or subinterface.

description text

By default, the description of an interface is interface-name Interface.

 

Setting the MAC address for an aggregate interface

Typically, all aggregate interfaces on a device use the same MAC address, and aggregate interfaces on different devices use different MAC addresses. However, you must set different MAC addresses for aggregate interfaces on a device in some situations.

For example, in a spanning tree network, the BPDUs sent by Layer 2 aggregate interfaces on a device have the same source MAC address. When the device communicates with a third-party device, these BPDUs are considered attack packets and are dropped by the third-party device. To solve this problem, set different MAC addresses for the Layer 2 aggregate interfaces.

To set the MAC address for an aggregate interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Layer 3 aggregate interface or subinterface view.

interface route-aggregation { interface-number | interface-number.subnumber }

N/A

3.       Set the MAC address for the aggregate interface.

mac-address mac-address

By default:

·         All aggregate interfaces on a device use the same MAC address.

·         Aggregate interfaces on different devices use different MAC addresses.

The default MAC address of a Layer 3 aggregate interface is the bridge MAC address of the device.

 

Specifying ignored VLANs for a Layer 2 aggregate interface

The system ignores the permit state and tagging mode of an ignored VLAN when choosing Selected ports.

By default, to become Selected, the member ports must have the same VLAN permit state and tagging mode as the corresponding Layer 2 aggregate interface.

To specify ignored VLANs for a Layer 2 aggregate interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Layer 2 aggregate interface view.

interface bridge-aggregation interface-number

N/A

3.       Specify ignored VLANs.

link-aggregation ignore vlan vlan-id-list

By default, a Layer 2 aggregate interface does not ignore any VLANs.

 

Setting the MTU for a Layer 3 aggregate interface

The MTU of an interface affects IP packets fragmentation and reassembly on the interface.

To set the MTU for a Layer 3 aggregate interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Layer 3 aggregate interface or subinterface view.

interface route-aggregation { interface-number | interface-number.subnumber }

N/A

3.       Set the MTU for the Layer 3 aggregate interface or subinterface.

mtu size

The default setting is 1500 bytes.

 

Setting the minimum and maximum numbers of Selected ports for an aggregation group

IMPORTANT

IMPORTANT:

The minimum and maximum numbers of Selected ports must be the same for the local and peer aggregation groups.

 

The bandwidth of an aggregate link increases as the number of Selected member ports increases. To avoid congestion, you can set the minimum number of Selected ports required for bringing up an aggregate interface.

This minimum threshold setting affects the aggregation states of aggregation member ports and the state of the aggregate interface.

·          When the number of member ports eligible to be Selected ports is smaller than the minimum threshold, the following events occur:

?  The eligible member ports are placed in Unselected state.

?  The link layer state of the aggregate interface becomes down.

·          When the number of member ports eligible to be Selected ports reaches or exceeds the minimum threshold, the following events occur:

?  The eligible member ports are placed in Selected state.

?  The link layer state of the aggregate interface becomes up.

The maximum number of Selected ports allowed in an aggregation group is limited by either manual configuration or hardware limitation, whichever value is smaller.

You can implement backup between two ports by performing the following tasks:

·          Assigning two ports to an aggregation group.

·          Setting the maximum number of Selected ports to 1 for the aggregation group.

Then, only one Selected port is allowed in the aggregation group, and the Unselected port acts as a backup port.

To set the minimum and maximum numbers of Selected ports for an aggregation group:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter aggregate interface view.

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

·         Enter Layer 3 aggregate interface view:
interface route-aggregation interface-number

N/A

3.       Set the minimum number of Selected ports for the aggregation group.

link-aggregation selected-port minimum min-number

By default, the minimum number of Selected ports is not specified for an aggregation group.

4.       Set the maximum number of Selected ports for the aggregation group.

link-aggregation selected-port maximum max-number

By default, the maximum number of Selected ports for an aggregation group is 16.

 

Setting the expected bandwidth for an aggregate interface

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter aggregate interface view.

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

·         Enter Layer 3 aggregate interface or subinterface view:
interface route-aggregation { interface-number | interface-number.subnumber }

N/A

3.       Set the expected bandwidth for the interface.

bandwidth bandwidth-value

By default, the expected bandwidth (in kbps) is the interface baud rate divided by 1000.

 

Configuring an edge aggregate interface

When you configure an edge aggregate interface, follow these restrictions and guidelines:

·          This configuration takes effect only on the aggregate interface corresponding to a dynamic aggregation group.

·          Link-aggregation traffic redirection does not operate correctly on an edge aggregate interface. For more information about link-aggregation traffic redirection, see "Enabling link-aggregation traffic redirection."

To configure an edge aggregate interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter aggregate interface view.

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

·         Enter Layer 3 aggregate interface view:
interface route-aggregation interface-number

N/A

3.       Configure the aggregate interface as an edge aggregate interface.

lacp edge-port

By default, an aggregate interface does not operate as an edge aggregate interface.

 

Enabling BFD for an aggregation group

BFD for Ethernet link aggregation can monitor member link status in an aggregation group. After you enable BFD on an aggregate interface, each Selected port in the aggregation group establishes a BFD session with its peer port. BFD operates differently depending on the aggregation mode.

·          BFD for static aggregation—When BFD detects a link failure, BFD notifies the Ethernet link aggregation module that the peer port is unreachable. The local port is placed in Unselected state. The BFD session between the local and peer ports remains, and the local port keeps sending BFD packets. When the link is recovered, the local port receives BFD packets from the peer port, and BFD notifies the Ethernet link aggregation module that the peer port is reachable. The local port is placed in Selected state again. This mechanism ensures that the local and peer ports of a static aggregate link have the same aggregation state.

·          BFD for dynamic aggregation—When BFD detects a link failure, BFD notifies the Ethernet link aggregation module that the peer port is unreachable. BFD clears the session and stops sending BFD packets. When the link is recovered and the local port is placed in Selected state again, the local port establishes a new session with the peer port. BFD notifies the Ethernet link aggregation module that the peer port is reachable. Because BFD provides fast failure detection, the local and peer systems of a dynamic aggregate link can negotiate the aggregation state of their member ports faster.

For more information about BFD, see High Availability Configuration Guide.

Configuration restrictions and guidelines

When you enable BFD for an aggregation group, follow these restrictions and guidelines:

·          Make sure the source and destination IP addresses are consistent at the two ends of an aggregate link. For example, if you execute link-aggregation bfd ipv4 source 1.1.1.1 destination 2.2.2.2 on the local end, execute link-aggregation bfd ipv4 source 2.2.2.2 destination 1.1.1.1 on the peer end. The source and destination IP addresses cannot be the same.

·          The BFD parameters configured on an aggregate interface take effect on all BFD sessions in the aggregation group. BFD sessions for link aggregation do not support the echo packet mode and the Demand mode.

·          As a best practice, do not configure other protocols to collaborate with BFD on a BFD-enabled aggregate interface.

·          Make sure the number of member ports in a BFD-enabled aggregation group is not larger than the number of BFD sessions supported by the device. Otherwise, this command might cause some Selected ports in the aggregation group to change to the Unselected state.

·          If the number of BFD sessions differs between the two ends of an aggregate link, check their settings for inconsistency in the maximum number of Selected ports. You must make sure the two ends have the same setting for the maximum number of Selected ports.

Configuration procedure

To enable BFD for an aggregation group:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter aggregate interface view.

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

·         Enter Layer 3 aggregate interface view:
interface route-aggregation interface-number

N/A

3.       Enable BFD for the aggregation group.

link-aggregation bfd ipv4 source ip-address destination ip-address

By default, BFD is disabled for an aggregation group.

The source and destination IP addresses of BFD sessions must be unicast addresses excluding 0.0.0.0.

 

Shutting down an aggregate interface

Shutting down or bringing up an aggregate interface affects the aggregation states and link states of member ports in the corresponding aggregation group as follows:

·          When an aggregate interface is shut down, all Selected ports in the corresponding aggregation group become Unselected ports and all member ports go down.

·          When an aggregate interface is brought up, the aggregation states of member ports in the corresponding aggregation group are recalculated.

To shut down an aggregate interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter aggregate interface view.

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

·         Enter Layer 3 aggregate interface or subinterface view:
interface route-aggregation { interface-number | interface-number.subnumber }

·         N/A

3.       Shut down the aggregate interface or subinterface.

shutdown

By default, a Layer 2 or Layer 3 aggregate interface is down, and a Layer 3 aggregate subinterface is up.

 

Restoring the default settings for an aggregate interface

You can restore all configurations on an aggregate interface to the default settings.

To restore the default settings for an aggregate interface:

 

Step

Command

1.       Enter system view.

system-view

2.       Enter aggregate interface view.

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

·         Enter Layer 3 aggregate interface or subinterface view:
interface route-aggregation { interface-number | interface-number.subnumber }

3.       Restore the default settings for the aggregate interface.

default

 

Configuring load sharing for link aggregation groups

This section explains how to configure the load sharing modes for link aggregation groups and how to enable local-first load sharing for link aggregation.

Setting load sharing modes for link aggregation groups

You can set the global or group-specific load sharing mode. A link aggregation group preferentially uses the group-specific load sharing mode. If the group-specific load sharing mode is not available, the group uses the global load sharing mode.

Setting the global link-aggregation load sharing mode

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Set the global link-aggregation load sharing mode.

link-aggregation global load-sharing mode { destination-ip | destination-mac | destination-port | ingress-port | ip-protocol | source-ip | source-mac | source-port } *

The default settings are as follows:

·         Layer 2 traffic is distributed based on the Ethernet type, source and destination MAC address, and source port.

·         IPv4 or IPv6 traffic is distributed based on the source and destination IP addresses, source and destination ports, and protocol number.

·         MPLS traffic with three or fewer layers of labels is distributed based on the source and destination IP addresses, source and destination ports, and protocol number. MPLS traffic with more than three layers of labels is distributed based on the source and destination IP addresses.

The device supports any combinations of the keywords.

Destination or source MAC address-based load sharing does not take effect on Layer 3 packets.

 

Setting the group-specific load sharing mode

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter aggregate interface view.

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

·         Enter Layer 3 aggregate interface view:
interface route-aggregation interface-number

N/A

3.       Set the load sharing mode for the aggregation group.

link-aggregation load-sharing mode flexible

By default, the group-specific load sharing mode is the same as the global load sharing mode.

Aggregate interfaces support only per-packet load sharing.

 

Enabling local-first load sharing for link aggregation

Use local-first load sharing in a multidevice link aggregation scenario to distribute traffic preferentially across member ports on the ingress card.

When you aggregate ports on different member devices in an IRF fabric, you can use local-first load sharing to reduce traffic on IRF links, as shown in Figure 12. For more information about IRF, see IRF Configuration Guide.

Figure 12 Load sharing for multidevice link aggregation in an IRF fabric

 

To enable local-first load sharing for link aggregation:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enable local-first load sharing for link aggregation.

link-aggregation load-sharing mode local-first

By default, local-first load sharing for link aggregation is enabled.

 

Configuring link aggregation load sharing algorithm settings

To optimize traffic distribution on aggregate links, you can configure a link aggregation load sharing algorithm.

This feature takes effect only when the per-flow load sharing mode is used and the per-flow load sharing mode does not use the following traffic classification criteria:

·          Source IP address.

·          Destination IP address.

·          Source MAC address.

·          Destination MAC address.

·          Source and destination IP addresses.

·          Source and destination MAC addresses.

To configure a link aggregation load sharing algorithm:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Configure a link aggregation load sharing algorithm.

link-aggregation global load-sharing algorithm algorithm-number

By default, algorithm 4 is used.

If the device fails to load share traffic flows across all Selected ports, you can specify algorithm 1 to 9 in sequence until the problem is solved.

 

Enabling link-aggregation traffic redirection

This feature redirects traffic on a Selected port to the remaining available Selected ports of an aggregation group if one of the following events occurs:

·          The port is shut down by using the shutdown command.

·          The slot that hosts the port reboots, and the aggregation group spans multiple slots.

This feature ensures zero packet loss for known unicast traffic, but does not protect unknown unicast traffic.

You can enable link-aggregation traffic redirection globally or for an aggregation group. Global link-aggregation traffic redirection settings take effect on all aggregation groups. A link aggregation group preferentially uses the group-specific link-aggregation traffic redirection settings. If group-specific link-aggregation traffic redirection is not configured, the group uses the global link-aggregation traffic redirection settings.

Configuration restrictions and guidelines

When you enable link-aggregation traffic redirection, follow these restrictions and guidelines:

·          Link-aggregation traffic redirection applies only to dynamic link aggregation groups.

·          To prevent traffic interruption, enable link-aggregation traffic redirection on devices at both ends of the aggregate link.

·          To prevent packet loss that might occur when a slot reboots, do not enable spanning tree together with link-aggregation traffic redirection.

·          Link-aggregation traffic redirection does not operate correctly on an edge aggregate interface.

·          As a best practice, enable link-aggregation traffic redirection on aggregate interfaces. If you enable this feature globally, communication with a third-party peer device might be affected if the peer is not compatible with this feature.

Configuration procedure

To enable link-aggregation traffic redirection globally:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enable link-aggregation traffic redirection globally.

link-aggregation lacp traffic-redirect-notification enable

By default, link-aggregation traffic redirection is disabled globally.

 

To enable link-aggregation traffic redirection for an aggregation group:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter aggregate interface view.

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

·         Enter Layer 3 aggregate interface view:
interface route-aggregation interface-number

N/A

3.       Enable link-aggregation traffic redirection for the aggregation group.

link-aggregation lacp traffic-redirect-notification enable

By default, link-aggregation traffic redirection is disabled for an aggregation group.

 

Configuring the link aggregation capability for the device

Perform this task to modify the maximum number of aggregation groups and the maximum number of Selected ports per aggregation group.

After you configure the link aggregation capability for the device, save the configuration and reboot the device for the configuration to take effect. Before rebooting the device, make sure you know the possible impact on the network.

For link aggregation to operate correctly, set the same link aggregation capability for both ends of an aggregate link.

The maximum number of Selected ports allowed in an aggregation group is limited by one of the following values, whichever value is smaller:

·          Maximum number set by using the link-aggregation selected-port maximum command.

·          Maximum number of Selected ports allowed by the link aggregation capability.

To configure the link aggregation capability for the device:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Configure the link aggregation capability for the device.

link-aggregation capability max-group max-group-number max-selected-port max-selected-port-number

By default, a device can have a maximum of 1024 aggregation groups and an aggregation group can have a maximum of 16 Selected ports.

 

Displaying and maintaining Ethernet link aggregation

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display information for an aggregate interface or multiple aggregate interfaces.

display interface [ { bridge-aggregation | route-aggregation } [ interface-number ] ] [ brief [ description | down ] ]

Display the local system ID.

display lacp system-id

Display the link aggregation capability for the device.

display link-aggregation capability

Display the global or group-specific link-aggregation load sharing modes.

display link-aggregation load-sharing mode [ interface [ { bridge-aggregation | route-aggregation } interface-number ] ]

Display forwarding information for the specified traffic flow.

display link-aggregation load-sharing path interface { bridge-aggregation | route-aggregation } interface-number ingress-port interface-type interface-number [ route ] { { destination-ip ip-address | destination-ipv6 ipv6-address } | { source-ip ip-address | source-ipv6 ipv6-address } | destination-mac mac-address | destination-port port-id | ethernet-type type-number | ip-protocol protocol-id | source-mac mac-address | source-port port-id | vlan vlan-id } *

Display detailed link aggregation information for link aggregation member ports.

display link-aggregation member-port [ interface-list ]

Display summary information about all aggregation groups.

display link-aggregation summary

Display detailed information about the specified aggregation groups.

display link-aggregation verbose [ { bridge-aggregation | route-aggregation } [ interface-number ] ]

Clear LACP statistics for the specified link aggregation member ports.

reset lacp statistics [ interface interface-list ]

Clear statistics for the specified aggregate interfaces.

reset counters interface [ { bridge-aggregation | route-aggregation } [ interface-number ] ]

 

Ethernet link aggregation configuration examples

Layer 2 static aggregation configuration example

Network requirements

On the network shown in Figure 13, perform the following tasks:

·          Configure a Layer 2 static aggregation group on both Device A and Device B.

·          Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end.

·          Enable VLAN 20 at one end of the aggregate link to communicate with VLAN 20 at the other end.

Figure 13 Network diagram

Configuration procedure

1.        Configure Device A:

# Create VLAN 10, and assign port HundredGigE 1/0/4 to VLAN 10.

<DeviceA> system-view

[DeviceA] vlan 10

[DeviceA-vlan10] port hundredgige 1/0/4

[DeviceA-vlan10] quit

# Create VLAN 20, and assign port HundredGigE 1/0/5 to VLAN 20.

[DeviceA] vlan 20

[DeviceA-vlan20] port hundredgige 1/0/5

[DeviceA-vlan20] quit

# Create Layer 2 aggregate interface Bridge-Aggregation 1.

[DeviceA] interface bridge-aggregation 1

[DeviceA-Bridge-Aggregation1] quit

# Assign ports HundredGigE 1/0/1 through HundredGigE 1/0/3 to link aggregation group 1.

[DeviceA] interface hundredgige 1/0/1

[DeviceA-HundredGigE1/0/1] port link-aggregation group 1

[DeviceA-HundredGigE1/0/1] quit

[DeviceA] interface hundredgige 1/0/2

[DeviceA-HundredGigE1/0/2] port link-aggregation group 1

[DeviceA-HundredGigE1/0/2] quit

[DeviceA] interface hundredgige 1/0/3

[DeviceA-HundredGigE1/0/3] port link-aggregation group 1

[DeviceA-HundredGigE1/0/3] quit

# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20.

[DeviceA] interface bridge-aggregation 1

[DeviceA-Bridge-Aggregation1] port link-type trunk

[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20

[DeviceA-Bridge-Aggregation1] quit

2.        Configure Device B in the same way Device A is configured. (Details not shown.)

Verifying the configuration

# Display detailed information about all aggregation groups on Device A.

[DeviceA] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto port, M -- Management port, R -- Reference port

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Bridge-Aggregation1

Aggregation Mode: Static

Loadsharing Type: NonS

Management VLANs: None

  Port             Status  Priority Oper-Key

--------------------------------------------------------------------------------

  HGE1/0/1         S       32768    1

  HGE1/0/2         S       32768    1

  HGE1/0/3         S       32768    1

The output shows that link aggregation group 1 is a Layer 2 static aggregation group that contains three Selected ports.

Layer 2 dynamic aggregation configuration example

Network requirements

On the network shown in Figure 14, perform the following tasks:

·          Configure a Layer 2 dynamic aggregation group on both Device A and Device B.

·          Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end.

·          Enable VLAN 20 at one end of the aggregate link to communicate with VLAN 20 at the other end.

Figure 14 Network diagram

 

Configuration procedure

1.        Configure Device A:

# Create VLAN 10, and assign the port HundredGigE 1/0/4 to VLAN 10.

<DeviceA> system-view

[DeviceA] vlan 10

[DeviceA-vlan10] port hundredgige 1/0/4

[DeviceA-vlan10] quit

# Create VLAN 20, and assign the port HundredGigE 1/0/5 to VLAN 20.

[DeviceA] vlan 20

[DeviceA-vlan20] port hundredgige 1/0/5

[DeviceA-vlan20] quit

# Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode to dynamic.

[DeviceA] interface bridge-aggregation 1

[DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic

[DeviceA-Bridge-Aggregation1] quit

# Assign ports HundredGigE 1/0/1 through HundredGigE 1/0/3 to link aggregation group 1.

[DeviceA] interface hundredgige 1/0/1

[DeviceA-HundredGigE1/0/1] port link-aggregation group 1

[DeviceA-HundredGigE1/0/1] quit

[DeviceA] interface hundredgige 1/0/2

[DeviceA-HundredGigE1/0/2] port link-aggregation group 1

[DeviceA-HundredGigE1/0/2] quit

[DeviceA] interface hundredgige 1/0/3

[DeviceA-HundredGigE1/0/3] port link-aggregation group 1

[DeviceA-HundredGigE1/0/3] quit

# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20.

[DeviceA] interface bridge-aggregation 1

[DeviceA-Bridge-Aggregation1] port link-type trunk

[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20

[DeviceA-Bridge-Aggregation1] quit

2.        Configure Device B in the same way Device A is configured. (Details not shown.)

Verifying the configuration

# Display detailed information about all aggregation groups on Device A.

[DeviceA] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto port, M -- Management port, R -- Reference port

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Bridge-Aggregation1

Aggregation Mode: Dynamic

Loadsharing Type: NonS

Management VLANs: None

System ID: 0x8000, 000f-e267-6c6a

Local:

  Port                Status   Priority Index    Oper-Key               Flag

  HGE1/0/1            S        32768    11       1                      {ACDEF}

  HGE1/0/2            S        32768    12       1                      {ACDEF}

  HGE1/0/3            S        32768    13       1                      {ACDEF}

Remote:

  Actor               Priority Index    Oper-Key SystemID               Flag

  HGE1/0/1            32768    81       1        0x8000, 000f-e267-57ad {ACDEF}

  HGE1/0/2            32768    82       1        0x8000, 000f-e267-57ad {ACDEF}

  HGE1/0/3            32768    83       1        0x8000, 000f-e267-57ad {ACDEF}

The output shows that link aggregation group 1 is a Layer 2 dynamic aggregation group that contains three Selected ports.

Layer 2 aggregation load sharing configuration example

Network requirements

On the network shown in Figure 15, perform the following tasks:

·          Configure Layer 2 static aggregation groups 1 and 2 on Device A and Device B, respectively.

·          Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end.

·          Enable VLAN 20 at one end of the aggregate link to communicate with VLAN 20 at the other end.

·          Configure link aggregation groups 1 and 2 to load share traffic across aggregation group member ports.

?  Configure link aggregation group 1 to load share packets based on source MAC addresses.

?  Configure link aggregation group 2 to load share packets based on destination MAC addresses.

Figure 15 Network diagram

Configuration procedure

1.        Configure Device A:

# Create VLAN 10, and assign the port HundredGigE 1/0/5 to VLAN 10.

<DeviceA> system-view

[DeviceA] vlan 10

[DeviceA-vlan10] port hundredgige 1/0/5

[DeviceA-vlan10] quit

# Create VLAN 20, and assign the port HundredGigE 1/0/6 to VLAN 20.

[DeviceA] vlan 20

[DeviceA-vlan20] port hundredgige 1/0/6

[DeviceA-vlan20] quit

# Create Layer 2 aggregate interface Bridge-Aggregation 1.

[DeviceA] interface bridge-aggregation 1

# Configure Layer 2 aggregation group 1 to load share packets based on source MAC addresses.

[DeviceA-Bridge-Aggregation1] link-aggregation load-sharing mode source-mac

[DeviceA-Bridge-Aggregation1] quit

# Assign ports HundredGigE 1/0/1 and HundredGigE 1/0/2 to link aggregation group 1.

[DeviceA] interface hundredgige 1/0/1

[DeviceA-HundredGigE1/0/1] port link-aggregation group 1

[DeviceA-HundredGigE1/0/1] quit

[DeviceA] interface hundredgige 1/0/2

[DeviceA-HundredGigE1/0/2] port link-aggregation group 1

[DeviceA-HundredGigE1/0/2] quit

# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLAN 10.

[DeviceA] interface bridge-aggregation 1

[DeviceA-Bridge-Aggregation1] port link-type trunk

[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10

[DeviceA-Bridge-Aggregation1] quit

# Create Layer 2 aggregate interface Bridge-Aggregation 2.

[DeviceA] interface bridge-aggregation 2

# Configure Layer 2 aggregation group 2 to load share packets based on destination MAC addresses.

[DeviceA-Bridge-Aggregation2] link-aggregation load-sharing mode destination-mac

[DeviceA-Bridge-Aggregation2] quit

# Assign ports HundredGigE 1/0/3 and HundredGigE 1/0/4 to link aggregation group 2.

[DeviceA] interface hundredgige 1/0/3

[DeviceA-HundredGigE1/0/3] port link-aggregation group 2

[DeviceA-HundredGigE1/0/3] quit

[DeviceA] interface hundredgige 1/0/4

[DeviceA-HundredGigE1/0/4] port link-aggregation group 2

[DeviceA-HundredGigE1/0/4] quit

# Configure Layer 2 aggregate interface Bridge-Aggregation 2 as a trunk port and assign it to VLAN 20.

[DeviceA] interface bridge-aggregation 2

[DeviceA-Bridge-Aggregation2] port link-type trunk

[DeviceA-Bridge-Aggregation2] port trunk permit vlan 20

[DeviceA-Bridge-Aggregation2] quit

2.        Configure Device B in the same way Device A is configured. (Details not shown.)

Verifying the configuration

# Display detailed information about all aggregation groups on Device A.

[DeviceA] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto port, M -- Management port, R -- Reference port

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Bridge-Aggregation1

Aggregation Mode: Static

Loadsharing Type: Shar

Management VLANs: None

  Port             Status  Priority Oper-Key

--------------------------------------------------------------------------------

  HGE1/0/1         S       32768    1

  HGE1/0/2         S       32768    1

 

Aggregate Interface: Bridge-Aggregation2

Aggregation Mode: Static

Loadsharing Type: Shar

Management VLANs: None

  Port             Status  Priority Oper-Key

--------------------------------------------------------------------------------

  HGE1/0/3         S       32768    2

  HGE1/0/4         S       32768    2

The output shows that:

·          Link aggregation groups 1 and 2 are both load-shared Layer 2 static aggregation groups.

·          Each aggregation group contains two Selected ports.

# Display all the group-specific load sharing modes on Device A.

[DeviceA] display link-aggregation load-sharing mode interface

 

Bridge-Aggregation1 Load-Sharing Mode:

source-mac address

 

Bridge-Aggregation2 Load-Sharing Mode:

destination-mac address

The output shows that:

·          Link aggregation group 1 load shares packets based on source MAC addresses.

·          Link aggregation group 2 load shares packets based on destination MAC addresses.

Layer 2 edge aggregate interface configuration example

Network requirements

As shown in Figure 16, a Layer 2 dynamic aggregation group is configured on the device. The server is not configured with dynamic link aggregation.

Configure an edge aggregate interface so that both HundredGigE 1/0/1 and HundredGigE 1/0/2 can forward traffic to improve link reliability.

Figure 16 Network diagram

Configuration procedure

# Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode to dynamic.

<Device> system-view

[Device] interface bridge-aggregation 1

[Device-Bridge-Aggregation1] link-aggregation mode dynamic

# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as an edge aggregate interface.

[Device-Bridge-Aggregation1] lacp edge-port

[Device-Bridge-Aggregation1] quit

# Assign ports HundredGigE 1/0/1 and HundredGigE 1/0/2 to link aggregation group 1.

[Device] interface hundredgige 1/0/1

[Device-HundredGigE1/0/1] port link-aggregation group 1

[Device-HundredGigE1/0/1] quit

[Device] interface hundredgige 1/0/2

[Device-HundredGigE1/0/2] port link-aggregation group 1

[Device-HundredGigE1/0/2] quit

Verifying the configuration

# Display detailed information about all aggregation groups on the device when the server is not configured with dynamic link aggregation.

[Device] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto port, M -- Management port, R -- Reference port

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Bridge-Aggregation1

Aggregation Mode: Dynamic

Loadsharing Type: NonS

Management VLANs: None

System ID: 0x8000, 000f-e267-6c6a

Local:

  Port                Status   Priority Index    Oper-Key               Flag

  HGE1/0/1            I        32768    11       1                      {AG}

  HGE1/0/2            I        32768    12       1                      {AG}

Remote:

  Actor               Priority Index    Oper-Key SystemID               Flag

  HGE1/0/1            32768    81       0        0x8000, 0000-0000-0000 {DEF}

  HGE1/0/2            32768    82       0        0x8000, 0000-0000-0000 {DEF}

The output shows that HundredGigE 1/0/1 and HundredGigE 1/0/2 are in Individual state when they do not receive LACPDUs from the server. Both HundredGigE 1/0/1 and HundredGigE 1/0/2 can forward traffic. When one port fails, its traffic is automatically switched to the other port.

Layer 3 static aggregation configuration example

Network requirements

On the network shown in Figure 17, perform the following tasks:

·          Configure a Layer 3 static aggregation group on both Device A and Device B.

·          Configure IP addresses and subnet masks for the corresponding Layer 3 aggregate interfaces.

Figure 17 Network diagram

Configuration procedure

1.        Configure Device A:

# Create Layer 3 aggregate interface Route-Aggregation 1, and configure an IP address and subnet mask for the aggregate interface.

<DeviceA> system-view

[DeviceA] interface route-aggregation 1

[DeviceA-Route-Aggregation1] ip address 192.168.1.1 24

[DeviceA-Route-Aggregation1] quit

# Assign Layer 3 Ethernet interfaces HundredGigE 1/0/1 through HundredGigE 1/0/3 to aggregation group 1.

[DeviceA] interface hundredgige 1/0/1

[DeviceA-HundredGigE1/0/1] port link-aggregation group 1

[DeviceA-HundredGigE1/0/1] quit

[DeviceA] interface hundredgige 1/0/2

[DeviceA-HundredGigE1/0/2] port link-aggregation group 1

[DeviceA-HundredGigE1/0/2] quit

[DeviceA] interface hundredgige 1/0/3

[DeviceA-HundredGigE1/0/3] port link-aggregation group 1

[DeviceA-HundredGigE1/0/3] quit

2.        Configure Device B in the same way Device A is configured. (Details not shown.)

Verifying the configuration

# Display detailed information about all aggregation groups on Device A.

[DeviceA] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto port, M -- Management port, R -- Reference port

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Route-Aggregation1

Aggregation Mode: Static

Loadsharing Type: NonS

Management VLANs: None

  Port             Status  Priority Oper-Key

--------------------------------------------------------------------------------

  HGE1/0/1         S       32768    1

  HGE1/0/2         S       32768    1

  HGE1/0/3         S       32768    1

The output shows that link aggregation group 1 is a Layer 3 static aggregation group that contains three Selected ports.

Layer 3 dynamic aggregation configuration example

Network requirements

On the network shown in Figure 18, perform the following tasks:

·          Configure a Layer 3 dynamic aggregation group on both Device A and Device B.

·          Configure IP addresses and subnet masks for the corresponding Layer 3 aggregate interfaces.

Figure 18 Network diagram

Configuration procedure

1.        Configure Device A:

# Create Layer 3 aggregate interface Route-Aggregation 1.

<DeviceA> system-view

[DeviceA] interface route-aggregation 1

# Set the link aggregation mode to dynamic.

[DeviceA-Route-Aggregation1] link-aggregation mode dynamic

# Configure an IP address and subnet mask for Route-Aggregation 1.

[DeviceA-Route-Aggregation1] ip address 192.168.1.1 24

[DeviceA-Route-Aggregation1] quit

# Assign Layer 3 Ethernet interfaces HundredGigE 1/0/1 through HundredGigE 1/0/3 to aggregation group 1.

[DeviceA] interface hundredgige 1/0/1

[DeviceA-HundredGigE1/0/1] port link-aggregation group 1

[DeviceA-HundredGigE1/0/1] quit

[DeviceA] interface hundredgige 1/0/2

[DeviceA-HundredGigE1/0/2] port link-aggregation group 1

[DeviceA-HundredGigE1/0/2] quit

[DeviceA] interface hundredgige 1/0/3

[DeviceA-HundredGigE1/0/3] port link-aggregation group 1

[DeviceA-HundredGigE1/0/3] quit

2.        Configure Device B in the same way Device A is configured. (Details not shown.)

Verifying the configuration

# Display detailed information about all aggregation groups on Device A.

[DeviceA] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto port, M -- Management port, R -- Reference port

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Route-Aggregation1

Aggregation Mode: Dynamic

Loadsharing Type: NonS

Management VLANs: None

System ID: 0x8000, 000f-e267-6c6a

Local:

  Port                Status   Priority Index    Oper-Key               Flag

  HGE1/0/1            S        32768    11       1                      {ACDEF}

  HGE1/0/2            S        32768    12       1                      {ACDEF}

  HGE1/0/3            S        32768    13       1                      {ACDEF}

Remote:

  Actor               Priority Index    Oper-Key SystemID               Flag

  HGE1/0/1            32768    81       1        0x8000, 000f-e267-57ad {ACDEF}

  HGE1/0/2            32768    82       1        0x8000, 000f-e267-57ad {ACDEF}

  HGE1/0/3            32768    83       1        0x8000, 000f-e267-57ad {ACDEF}

The output shows that link aggregation group 1 is a Layer 3 dynamic aggregation group that contains three Selected ports.

Layer 3 aggregation load sharing configuration example

Network requirements

On the network shown in Figure 19, perform the following tasks:

·          Configure Layer 3 static aggregation groups 1 and 2 on Device A and Device B, respectively.

·          Configure IP addresses and subnet masks for the corresponding Layer 3 aggregate interfaces.

·          Configure link aggregation group 1 to load share packets based on source IP addresses.

·          Configure link aggregation group 2 to load share packets based on destination IP addresses.

Figure 19 Network diagram

Configuration procedure

1.        Configure Device A:

# Create Layer 3 aggregate interface Route-Aggregation 1.

<DeviceA> system-view

[DeviceA] interface route-aggregation 1

# Configure Layer 3 aggregation group 1 to load share packets based on source IP addresses.

[DeviceA-Route-Aggregation1] link-aggregation load-sharing mode source-ip

# Configure an IP address and subnet mask for Layer 3 aggregate interface Route-Aggregation 1.

[DeviceA-Route-Aggregation1] ip address 192.168.1.1 24

[DeviceA-Route-Aggregation1] quit

# Assign Layer 3 Ethernet interfaces HundredGigE 1/0/1 and HundredGigE 1/0/2 to aggregation group 1.

[DeviceA] interface hundredgige 1/0/1

[DeviceA-HundredGigE1/0/1] port link-aggregation group 1

[DeviceA-HundredGigE1/0/1] quit

[DeviceA] interface hundredgige 1/0/2

[DeviceA-HundredGigE1/0/2] port link-aggregation group 1

[DeviceA-HundredGigE1/0/2] quit

# Create Layer 3 aggregate interface Route-Aggregation 2.

[DeviceA] interface route-aggregation 2

# Configure Layer 3 aggregation group 2 to load share packets based on destination IP addresses.

[DeviceA-Route-Aggregation2] link-aggregation load-sharing mode destination-ip

# Configure an IP address and subnet mask for Layer 3 aggregate interface Route-Aggregation 2.

[DeviceA-Route-Aggregation2] ip address 192.168.2.1 24

[DeviceA-Route-Aggregation2] quit

# Assign Layer 3 Ethernet interfaces HundredGigE 1/0/3 and HundredGigE 1/0/4 to aggregation group 2.

[DeviceA] interface hundredgige 1/0/3

[DeviceA-HundredGigE1/0/3] port link-aggregation group 2

[DeviceA-HundredGigE1/0/3] quit

[DeviceA] interface hundredgige 1/0/4

[DeviceA-HundredGigE1/0/4] port link-aggregation group 2

[DeviceA-HundredGigE1/0/4] quit

2.        Configure Device B in the same way Device A is configured. (Details not shown.)

Verifying the configuration

# Display detailed information about all aggregation groups on Device A.

[DeviceA] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto port, M -- Management port, R -- Reference port

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Route-Aggregation1

Aggregation Mode: Static

Loadsharing Type: Shar

Management VLANs: None

  Port             Status  Priority Oper-Key

--------------------------------------------------------------------------------

  HGE1/0/1         S       32768    1

  HGE1/0/2         S       32768    1

 

Aggregate Interface: Route-Aggregation2

Aggregation Mode: Static

Loadsharing Type: Shar

Management VLANs: None

  Port             Status  Priority Oper-Key

--------------------------------------------------------------------------------

  HGE1/0/3         S       32768    2

  HGE1/0/4         S       32768    2

The output shows that:

·          Link aggregation groups 1 and 2 are both load-shared Layer 3 static aggregation groups.

·          Each aggregation group contains two Selected ports.

# Display all the group-specific load sharing modes on Device A.

[DeviceA] display link-aggregation load-sharing mode interface

 

Route-Aggregation1 Load-Sharing Mode:

source-ip address

 

Route-Aggregation2 Load-Sharing Mode:

destination-ip address

The output shows that:

·          Link aggregation group 1 load shares packets based on source IP addresses.

·          Link aggregation group 2 load shares packets based on destination IP addresses.

Layer 3 edge aggregate interface configuration example

Network requirements

As shown in Figure 20, a Layer 3 dynamic aggregation group is configured on the device. The server is not configured with dynamic link aggregation.

Configure an edge aggregate interface so that both HundredGigE 1/0/1 and HundredGigE 1/0/2 can forward traffic to improve link reliability.

Figure 20 Network diagram

Configuration procedure

# Create Layer 3 aggregate interface Route-Aggregation 1, and set the link aggregation mode to dynamic.

<Device> system-view

[Device] interface route-aggregation 1

[Device-Route-Aggregation1] link-aggregation mode dynamic

# Configure an IP address and subnet mask for Layer 3 aggregate interface Route-Aggregation 1.

[Device-Route-Aggregation1] ip address 192.168.1.1 24

# Configure Layer 3 aggregate interface Route-Aggregation 1 as an edge aggregate interface.

[Device-Route-Aggregation1] lacp edge-port

[Device-Route-Aggregation1] quit

# Assign Layer 3 Ethernet interfaces HundredGigE 1/0/1 and HundredGigE 1/0/2 to aggregation group 1.

[Device] interface hundredgige 1/0/1

[Device-HundredGigE1/0/1] port link-aggregation group 1

[Device-HundredGigE1/0/1] quit

[Device] interface hundredgige 1/0/2

[Device-HundredGigE1/0/2] port link-aggregation group 1

[Device-HundredGigE1/0/2] quit

Verifying the configuration

# Display detailed information about all aggregation groups on the device when the server is not configured with dynamic link aggregation.

[Device] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto port, M -- Management port, R -- Reference port

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Route-Aggregation1

Aggregation Mode: Dynamic

Loadsharing Type: NonS

Management VLANs: None

System ID: 0x8000, 000f-e267-6c6a

Local:

  Port                Status   Priority Index    Oper-Key               Flag

  HGE1/0/1            I        32768    11       1                      {AG}

  HGE1/0/2            I        32768    12       1                      {AG}

Remote:

  Actor               Priority Index    Oper-Key SystemID               Flag

  HGE1/0/1            32768    81       0        0x8000, 0000-0000-0000 {DEF}

  HGE1/0/2            32768    82       0        0x8000, 0000-0000-0000 {DEF}

The output shows that HundredGigE 1/0/1 and HundredGigE 1/0/2 are in Individual state when they do not receive LACPDUs from the server. Both HundredGigE 1/0/1 and HundredGigE 1/0/2 can forward traffic. When one port fails, its traffic is automatically switched to the other port.

 


Configuring port isolation

The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs.

Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group.

Assigning a port to an isolation group

The device supports multiple isolation groups, which can be configured manually. The number of ports assigned to an isolation group is not limited.

To assign a port to an isolation group:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Create an isolation group.

port-isolate group group-id

By default, no isolation groups exist.

3.       Enter interface view.

·         Enter Layer 2 Ethernet interface view:
interface interface-type interface-number

·         Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number

·         The configuration in Layer 2 Ethernet interface view applies only to the interface.

·         The configuration in Layer 2 aggregate interface view applies to the Layer 2 aggregate interface and its aggregation member ports. If the device fails to apply the configuration to the aggregate interface, it does not assign any aggregation member port to the isolation group. If the failure occurs on an aggregation member port, the device skips the port and continues to assign other aggregation member ports to the isolation group.

4.       Assign the port to the isolation group.

port-isolate enable group group-id

By default, the port is not in any isolation group.

You can assign a port to only one isolation group. If you execute the port-isolate enable group command multiple times, the most recent configuration takes effect.

 

Displaying and maintaining port isolation

Execute display commands in any view.

 

Task

Command

Display isolation group information.

display port-isolate group [ group-id ]

 

Port isolation configuration example

Network requirements

As shown in Figure 21:

·          LAN users Host A, Host B, and Host C are connected to HundredGigE 1/0/1, HundredGigE 1/0/2, and HundredGigE 1/0/3 on the device, respectively.

·          The device connects to the Internet through HundredGigE 1/0/4.

Configure the device to provide Internet access for the hosts, and isolate them from one another at Layer 2.

Figure 21 Network diagram

Configuration procedure

# Create isolation group 1.

<Device> system-view

[Device] port-isolate group 1

# Assign HundredGigE 1/0/1, HundredGigE 1/0/2, and HundredGigE 1/0/3 to isolation group 1.

[Device] interface hundredgige 1/0/1

[Device-HundredGigE1/0/1] port-isolate enable group 1

[Device-HundredGigE1/0/1] quit

[Device] interface hundredgige 1/0/2

[Device-HundredGigE1/0/2] port-isolate enable group 1

[Device-HundredGigE1/0/2] quit

[Device] interface hundredgige 1/0/3

[Device-HundredGigE1/0/3] port-isolate enable group 1

[Device-HundredGigE1/0/3] quit

Verifying the configuration

# Display information about isolation group 1.

[Device] display port-isolate group 1

 Port isolation group information:

 Group ID: 1

 Group members:

    HundredGigE1/0/1

    HundredGigE1/0/2

    HundredGigE1/0/3

The output shows that HundredGigE 1/0/1, HundredGigE 1/0/2, and HundredGigE 1/0/3 are assigned to isolation group 1. As a result, Host A, Host B, and Host C are isolated from one another at layer 2.


Configuring spanning tree protocols

Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state.

The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP), the Per-VLAN Spanning Tree (PVST), and the Multiple Spanning Tree Protocol (MSTP).

STP

STP was developed based on the 802.1d standard of IEEE to eliminate loops at the data link layer in a LAN. Networks often have redundant links as backups in case of failures, but loops are a very serious problem. Devices running STP detect loops in the network by exchanging information with one another. They eliminate loops by selectively blocking certain ports to prune the loop structure into a loop-free tree structure. This avoids proliferation and infinite cycling of packets that would occur in a loop network.

In a narrow sense, STP refers to IEEE 802.1d STP. In a broad sense, STP refers to the IEEE 802.1d STP and various enhanced spanning tree protocols derived from that protocol.

STP protocol frames

STP uses bridge protocol data units (BPDUs), also known as configuration messages, as its protocol frames. This chapter uses BPDUs to represent all types of spanning tree protocol frames.

STP-enabled devices exchange BPDUs to establish a spanning tree. BPDUs contain sufficient information for the devices to complete spanning tree calculation.

STP uses two types of BPDUs, configuration BPDUs and topology change notification (TCN) BPDUs.

Configuration BPDUs

Devices exchange configuration BPDUs to elect the root bridge and determine port roles. Figure 22 shows the configuration BPDU format.

Figure 22 Configuration BPDU format

 

The payload of a configuration BPDU includes the following fields:

·          Protocol ID—Fixed at 0x0000, which represents IEEE 802.1d.

·          Protocol version ID—Spanning tree protocol version ID. The protocol version ID for STP is 0x00.

·          BPDU type—Type of the BPDU. The value is 0x00 for a configuration BPDU.

·          Flags—An 8-bit field indicates the purpose of the BPDU. The lowest bit is the Topology Change (TC) flag. The highest bit is the Topology Change Acknowledge (TCA) flag. All other bits are reserved.

·          Root ID—Root bridge ID formed by the priority and MAC address of the root bridge.

·          Root path cost—Cost of the path to the root bridge.

·          Bridge ID—Designated bridge ID formed by the priority and MAC address of the designated bridge.

·          Port ID—Designated port ID formed by the priority and global port number of the designated port.

·          Message age—Age of the configuration BPDU while it propagates in the network.

·          Max age—Maximum age of the configuration BPDU stored on the switch.

·          Hello time—Configuration BPDU transmission interval.

·          Forward delay—Delay for STP bridges to transit port state.

Devices use the root bridge ID, root path cost, designated bridge ID, designated port ID, message age, max age, hello time, and forward delay for spanning tree calculation.

TCN BPDUs

Devices use TCN BPDUs to announce changes in the network topology. Figure 23 shows the TCN BPDU format.

Figure 23 TCN BPDU format

 

The payload of a TCN BPDU includes the following fields:

·          Protocol ID—Fixed at 0x0000, which represents IEEE 802.1d.

·          Protocol version ID—Spanning tree protocol version ID. The protocol version ID for STP is 0x00.

·          BPDU type—Type of the BPDU. The value is 0x80 for a TCN BPDU.

A non-root bridge sends TCN BPDUs when one of the following events occurs on the bridge:

·          A port transits to the forwarding state, and the bridge has a minimum of one designated port.

·          A port transits from the forwarding or learning state to the blocking state.

The non-root bridge uses TCN BPDUs to notify the root bridge once the network topology changes. The root bridge then sets the TC flag in its configuration BPDU and propagates it to other bridges.

Basic concepts in STP

Root bridge

A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called leaf nodes. The root bridge is not permanent, but can change with changes of the network topology.

Upon initialization of a network, each device generates and periodically sends configuration BPDUs, with itself as the root bridge. After network convergence, only the root bridge generates and periodically sends configuration BPDUs. The other devices only forward the BPDUs.

Root port

On a non-root bridge, the port nearest to the root bridge is the root port. The root port communicates with the root bridge. Each non-root bridge has only one root port. The root bridge has no root port.

Designated bridge and designated port

Classification

Designated bridge

Designated port

For a device

Device directly connected to the local device and responsible for forwarding BPDUs to the local device.

Port through which the designated bridge forwards BPDUs to this device.

For a LAN

Device responsible for forwarding BPDUs to this LAN segment.

Port through which the designated bridge forwards BPDUs to this LAN segment.

 

As shown in Figure 24, Device B and Device C are directly connected to a LAN.

If Device A forwards BPDUs to Device B through port A1, the designated bridge and designated port are as follows:

·          The designated bridge for Device B is Device A.

·          The designated port for Device B is port A1 on Device A.

If Device B forwards BPDUs to the LAN, the designated bridge and designated port are as follows:

·          The designated bridge for the LAN is Device B.

·          The designated port for the LAN is port B2 on Device B.

Figure 24 Designated bridges and designated ports

 

Port states

Table 5 lists the port states in STP.

Table 5 STP port states

State

Receives/sends BPDUs

Learns MAC addresses

Forwards use data

Disabled

No

No

No

Listening

Yes

No

No

Learning

Yes

Yes

No

Forwarding

Yes

Yes

Yes

Blocking

Receive

No

No

 

Path cost

Path cost is a reference value used for link selection in STP. To prune the network into a loop-free tree, STP calculates path costs to select the most robust links and block redundant links that are less robust.

Calculation process of the STP algorithm

The spanning tree calculation process described in the following sections is an example of a simplified process.

Calculation process

The STP algorithm uses the following calculation process:

1.        Network initialization.

Upon initialization of a device, each port generates a BPDU with the following contents:

?  The port as the designated port.

?  The device as the root bridge.

?  0 as the root path cost.

?  The device ID as the designated bridge ID.

2.        Root bridge selection.

Initially, each STP-enabled device on the network assumes itself to be the root bridge, with its own device ID as the root bridge ID. By exchanging configuration BPDUs, the devices compare their root bridge IDs to elect the device with the smallest root bridge ID as the root bridge.

3.        Root port and designated ports selection on the non-root bridges.

 

Step

Description

1

A non-root-bridge device regards the port on which it received the optimum configuration BPDU as the root port. Table 6 describes how the optimum configuration BPDU is selected.

2

Based on the configuration BPDU and the path cost of the root port, the device calculates a designated port configuration BPDU for each of the other ports.

·         The root bridge ID is replaced with that of the configuration BPDU of the root port.

·         The root path cost is replaced with that of the configuration BPDU of the root port plus the path cost of the root port.

·         The designated bridge ID is replaced with the ID of this device.

·         The designated port ID is replaced with the ID of this port.

3

The device compares the calculated configuration BPDU with the configuration BPDU on the port whose port role will be determined. Then, the device acts depending on the result of the comparison:

·         If the calculated configuration BPDU is superior, the device performs the following operations:

?  Considers this port as the designated port.

?  Replaces the configuration BPDU on the port with the calculated configuration BPDU.

?  Periodically sends the calculated configuration BPDU.

·         If the configuration BPDU on the port is superior, the device blocks this port without updating its configuration BPDU. The blocked port can receive BPDUs, but cannot send BPDUs or forward data traffic.

 

When the network topology is stable, only the root port and designated ports forward user traffic. Other ports are all in the blocking state to receive BPDUs but not to forward BPDUs or user traffic.

Table 6 Selecting the optimum configuration BPDU

Step

Actions

1

Upon receiving a configuration BPDU on a port, the device compares the priority of the received configuration BPDU with that of the configuration BPDU generated by the port.

·         If the former priority is lower, the device discards the received configuration BPDU and keeps the configuration BPDU the port generated.

·         If the former priority is higher, the device replaces the content of the configuration BPDU generated by the port with the content of the received configuration BPDU.

2

The device compares the configuration BPDUs of all the ports and chooses the optimum configuration BPDU.

 

The following are the principles of configuration BPDU comparison:

a.    The configuration BPDU with the lowest root bridge ID has the highest priority.

b.    If configuration BPDUs have the same root bridge ID, their root path costs are compared. For example, the root path cost in a configuration BPDU plus the path cost of a receiving port is S. The configuration BPDU with the smallest S value has the highest priority.

c.    If all configuration BPDUs have the same root bridge ID and S value, the following attributes are compared in sequence:

-      Designated bridge IDs.

-      Designated port IDs.

-      IDs of the receiving ports.

The configuration BPDU that contains a smaller designated bridge ID, designated port ID, or receiving port ID is selected.

A tree-shape topology forms when the root bridge, root ports, and designated ports are selected.

Example of STP calculation

Figure 25 provides an example showing how the STP algorithm works.

Figure 25 The STP algorithm

 

As shown in Figure 25, the priority values of Device A, Device B, and Device C are 0, 1, and 2, respectively. The path costs of links among the three devices are 5, 10, and 4.

1.        Device state initialization.

In Table 7, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID.

Table 7 Initial state of each device

Device

Port name

Configuration BPDU on the port

Device A

Port A1

{0, 0, 0, Port A1}

Port A2

{0, 0, 0, Port A2}

Device B

Port B1

{1, 0, 1, Port B1}

Port B2

{1, 0, 1, Port B2}

Device C

Port C1

{2, 0, 2, Port C1}

Port C2

{2, 0, 2, Port C2}

 

2.        Configuration BPDUs comparison on each device.

In Table 8, each configuration BPDU contains the following fields: root bridge ID, root path cost, designated bridge ID, and designated port ID.

Table 8 Comparison process and result on each device

Device

Comparison process

Configuration BPDU on ports after comparison

Device A

Port A1 performs the following operations:

1.       Receives the configuration BPDU of Port B1 {1, 0, 1, Port B1}.

2.       Determines that its existing configuration BPDU {0, 0, 0, Port A1} is superior to the received configuration BPDU.

3.       Discards the received one.

Port A2 performs the following operations:

1.       Receives the configuration BPDU of Port C1 {2, 0, 2, Port C1}.

2.       Determines that its existing configuration BPDU {0, 0, 0, Port A2} is superior to the received configuration BPDU.

3.       Discards the received one.

Device A determines that it is both the root bridge and designated bridge in the configuration BPDUs of all its ports. It considers itself as the root bridge. It does not change the configuration BPDU of any port and starts to periodically send configuration BPDUs.

·         Port A1: {0, 0, 0, Port A1}

·         Port A2: {0, 0, 0, Port A2}

Device B

Port B1 performs the following operations:

1.       Receives the configuration BPDU of Port A1 {0, 0, 0, Port A1}.

2.       Determines that the received configuration BPDU is superior to its existing configuration BPDU {1, 0, 1, Port B1}.

3.       Updates its configuration BPDU.

Port B2 performs the following operations:

1.       Receives the configuration BPDU of Port C2 {2, 0, 2, Port C2}.

2.       Determines that its existing configuration BPDU {1, 0, 1, Port B2} is superior to the received configuration BPDU.

3.       Discards the received BPDU.

·         Port B1: {0, 0, 0, Port A1}

·         Port B2: {1, 0, 1, Port B2}

Device B performs the following operations:

1.       Compares the configuration BPDUs of all its ports.

2.       Decides that the configuration BPDU of Port B1 is the optimum.

3.       Selects Port B1 as the root port with the configuration BPDU unchanged.

Based on the configuration BPDU and path cost of the root port, Device B calculates a designated port configuration BPDU for Port B2 {0, 5, 1, Port B2}. Device B compares it with the existing configuration BPDU of Port B2 {1, 0, 1, Port B2}. Device B determines that the calculated one is superior, and determines that Port B2 is the designated port. It replaces the configuration BPDU on Port B2 with the calculated one, and periodically sends the calculated configuration BPDU.

·         Root port (Port B1): {0, 0, 0, Port A1}

·         Designated port (Port B2): {0, 5, 1, Port B2}

Device C

Port C1 performs the following operations:

1.       Receives the configuration BPDU of Port A2 {0, 0, 0, Port A2}.

2.       Determines that the received configuration BPDU is superior to its existing configuration BPDU {2, 0, 2, Port C1}.

3.       Updates its configuration BPDU.

Port C2 performs the following operations:

1.       Receives the original configuration BPDU of Port B2 {1, 0, 1, Port B2}.

2.       Determines that the received configuration BPDU is superior to the existing configuration BPDU {2, 0, 2, Port C2}.

3.       Updates its configuration BPDU.

·         Port C1: {0, 0, 0, Port A2}

·         Port C2: {1, 0, 1, Port B2}

Device C performs the following operations:

1.       Compares the configuration BPDUs of all its ports.

2.       Decides that the configuration BPDU of Port C1 is the optimum.

3.       Selects Port C1 as the root port with the configuration BPDU unchanged.

Based on the configuration BPDU and path cost of the root port, Device C calculates the configuration BPDU of Port C2 {0, 10, 2, Port C2}. Device C compares it with the existing configuration BPDU of Port C2 {1, 0, 1, Port B2}. Device C determines that the calculated configuration BPDU is superior to the existing one, selects Port C2 as the designated port, and replaces the configuration BPDU of Port C2 with the calculated one.

·         Root port (Port C1): {0, 0, 0, Port A2}

·         Designated port (Port C2): {0, 10, 2, Port C2}

Port C2 performs the following operations:

1.       Receives the updated configuration BPDU of Port B2 {0, 5, 1, Port B2}.

2.       Determines that the received configuration BPDU is superior to its existing configuration BPDU {0, 10, 2, Port C2}.

3.       Updates its configuration BPDU.

Port C1 performs the following operations:

1.       Receives a periodic configuration BPDU {0, 0, 0, Port A2} from Port A2.

2.       Determines that it is the same as the existing configuration BPDU.

3.       Discards the received BPDU.

·         Port C1: {0, 0, 0, Port A2}

·         Port C2: {0, 5, 1, Port B2}

Device C determines that the root path cost of Port C1 is larger than that of Port C2. The root path cost of Port C1 is 10, root path cost of the received configuration BPDU (0) plus path cost of Port C1 (10). The root path cost of Port C2 is 9, root path cost of the received configuration BPDU (5) plus path cost of Port C2 (4). Device C determines that the configuration BPDU of Port C2 is the optimum, and selects Port C2 as the root port with the configuration BPDU unchanged.

Based on the configuration BPDU and path cost of the root port, Device C performs the following operations:

1.       Calculates a designated port configuration BPDU for Port C1 {0, 9, 2, Port C1}.

2.       Compares it with the existing configuration BPDU of Port C1 {0, 0, 0, Port A2}.

3.       Determines that the existing configuration BPDU is superior to the calculated one and blocks Port C1 with the configuration BPDU unchanged.

Port C1 does not forward data until a new event triggers a spanning tree calculation process: for example, the link between Device B and Device C is down.

·         Blocked port (Port C1): {0, 0, 0, Port A2}

·         Root port (Port C2): {0, 5, 1, Port B2}

 

After the comparison processes described in Table 8, a spanning tree with Device A as the root bridge is established, as shown in Figure 26.

Figure 26 The final calculated spanning tree

 

The configuration BPDU forwarding mechanism of STP

The configuration BPDUs of STP are forwarded according to these guidelines:

·          Upon network initiation, every device regards itself as the root bridge and generates configuration BPDUs with itself as the root. Then it sends the configuration BPDUs at a regular hello interval.

·          If the root port receives a configuration BPDU superior to the configuration BPDU of the port, the device performs the following operations:

?  Increases the message age carried in the configuration BPDU.

?  Starts a timer to time the configuration BPDU.

?  Sends this configuration BPDU through the designated port.

·          If a designated port receives a configuration BPDU with a lower priority than its configuration BPDU, the port immediately responds with its configuration BPDU.

·          If a path fails, the root port on this path no longer receives new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout. The device generates a configuration BPDU with itself as the root and sends the BPDUs and TCN BPDUs. This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity.

However, the newly calculated configuration BPDU cannot be propagated throughout the network immediately. As a result, the old root ports and designated ports that have not detected the topology change continue forwarding data along the old path. If the new root ports and designated ports begin to forward data as soon as they are elected, a temporary loop might occur.

STP timers

The most important timing parameters in STP calculation are forward delay, hello time, and max age.

·          Forward delay

Forward delay is the delay time for port state transition. By default, the forward delay is 15 seconds.

A path failure can cause spanning tree re-calculation to adapt the spanning tree structure to the change. However, the resulting new configuration BPDU cannot propagate throughout the network immediately. If the newly elected root ports and designated ports start to forward data immediately, a temporary loop will likely occur.

The newly elected root ports or designated ports must go through the listening and learning states before they transit to the forwarding state. This requires twice the forward delay time and allows the new configuration BPDU to propagate throughout the network.

·          Hello time

The device sends configuration BPDUs at the hello time interval to the neighboring devices to ensure that the paths are fault-free. By default, the hello time is 2 seconds. If the device does not receive configuration BPDUs within the timeout period, it recalculates the spanning tree. The formula for calculating the timeout period is timeout period = timeout factor × 3 × hello time.

·          Max age

The device uses the max age to determine whether a stored configuration BPDU has expired and discards it if the max age is exceeded. By default, the max age is 20 seconds. In the CIST of an MSTP network, the device uses the max age timer to determine whether a configuration BPDU received by a port has expired. If it is expired, a new spanning tree calculation process starts. The max age timer does not take effect on MSTIs.

If a port does not receive any configuration BPDUs within the timeout period, the port transits to the listening state. The device will recalculate the spanning tree. It takes the port 50 seconds to transit back to the forwarding state. This period includes 20 seconds for the max age, 15 seconds for the listening state, and 15 seconds for the learning state.

To ensure a fast topology convergence, make sure the timer settings meet the following formulas:

·          2 × (forward delay – 1 second) ≥ max age

·          Max age ≥ 2 × (hello time + 1 second)

RSTP

RSTP achieves rapid network convergence by allowing a newly elected root port or designated port to enter the forwarding state much faster than STP.

RSTP protocol frames

An RSTP BPDU uses the same format as an STP BPDU except that a Version1 length field is added to the payload of RSTP BPDUs. The differences between an RSTP BPDU and an STP BPDU are as follows:

·          Protocol version ID—The value is 0x02 for RSTP.

·          BPDU type—The value is 0x02 for RSTP BPDUs.

·          Flags—All 8 bits are used.

·          Version1 length—The value is 0x00, which means no version 1 protocol information is present.

RSTP does not use TCN BPDUs to advertise topology changes. RSTP floods BPDUs with the TC flag set in the network to advertise topology changes.

Basic concepts in RSTP

Port roles

In addition to root port and designated port, RSTP also uses the following port roles:

·          Alternate port—Acts as the backup port for a root port. When the root port is blocked, the alternate port takes over.

·          Backup port—Acts as the backup port of a designated port. When the designated port is invalid, the backup port becomes the new designated port. A loop occurs when two ports of the same spanning tree device are connected, so the device blocks one of the ports. The blocked port is the backup port.

·          Edge port—Directly connects to a user host rather than a network device or network segment.

Port states

RSTP uses the discarding state to replace the disabled, blocking, and listening states in STP. Table 9 shows the differences between the port states in RSTP and STP.

Table 9 Port state differences between RSTP and STP

STP port state

RSTP port state

Sends BPDU

Learns MAC addresses

Forwards user data

Disabled

Discarding

No

No

No

Blocking

Discarding

No

No

No

Listening

Discarding

Yes

No

No

Learning

Learning

Yes

Yes

No

Forwarding

Forwarding

Yes

Yes

Yes

 

How RSTP works

During RSTP calculation, the following events occur:

·          If a port in discarding state becomes an alternate port, it retains its state.

·          If a port in discarding state is elected as the root port or designated port, it enters the learning state after the forward delay. The port learns MAC addresses, and enters the forwarding state after another forward delay.

?  A newly elected RSTP root port rapidly enters the forwarding state if the following requirements are met:

-      The old root port on the device has stopped forwarding data.

-      The upstream designated port has started forwarding data.

?  A newly elected RSTP designated port rapidly enters the forwarding state if one of the following requirements is met:

-      The designated port is configured as an edge port which directly connects to a user terminal.

-      The designated port connects to a point-to-point link and receives a handshake response from the directly connected device.

RSTP BPDU processing

In RSTP, a non-root bridge actively sends RSTP BPDUs at the hello time through designated ports without waiting for the root bridge to send RSTP BPDUs. This enables RSTP to quickly detect link failures. If a device fails to receive any RSTP BPDUs on a port within triple the hello time, the device considers that a link failure has occurred. After the stored configuration BPDU expires, the device floods RSTP BPDUs with the TC flag set to initiate a new RSTP calculation.

In RSTP, a port in blocking state can immediately respond to an RSTP BPDU with a lower priority than its own BPDU.

As shown in Figure 27, Device A is the root bridge. The priority of Device B is higher than the priority of Device C. Port C2 on Device C is blocked.

When the link between Device A and Device B fails, the following events occur:

1.        Device B sends an RSTP BPDU with itself as the root bridge to Device C.

2.        Device C compares the RSTP BPDU with its own BPDU.

3.        Because the RSTP BPDU from Device B has a lower priority, Device C sends its own BPDU to Device B.

4.        Device B considers that Port B2 is the root port and stops sending RSTP BPDUs to Device C.

Figure 27 BPDU processing in RSTP

 

PVST

In an STP- or RSTP-enabled LAN, all bridges share one spanning tree. Traffic from all VLANs is forwarded along the spanning tree, and ports cannot be blocked on a per-VLAN basis to prune loops.

PVST allows every VLAN to have its own spanning tree, which increases usage of links and bandwidth. Because each VLAN runs RSTP independently, a spanning tree only serves its VLAN.

A PVST-enabled H3C device can communicate with a third-party device that is running Rapid PVST or PVST. The PVST-enabled H3C device supports fast network convergence like RSTP when connected to PVST-enabled H3C devices or third-party devices enabled with Rapid PVST.

PVST protocol frames

As shown in Figure 28, a PVST BPDU uses the same format as an RSTP BPDU except the following differences:

·          The destination MAC address of a PVST BPDU is 01-00-0c-cc-cc-cd, which is a private MAC address.

·          Each PVST BPDU carries a VLAN tag. The VLAN tag identifies the VLAN to which the PVST BPDU belongs.

·          The organization code and PID fields are added to the LLC header of the PVST BPDU.

Figure 28 PVST BPDU format

 

A port's link type determines the type of BPDUs the port sends.

·          An access port sends RSTP BPDUs.

·          A trunk or hybrid port sends RSTP BPDUs in the default VLAN and sends PVST BPDUs in other VLANs.

Basic concepts in PVST

PVST uses the same port roles and port states as RSTP for fast convergence. For more information, see "Basic concepts in RSTP."

How PVST works

In PVST, each VLAN runs RSTP independently to maintain its own spanning tree without affecting the spanning trees of other VLANs. In this way, loops in each VLAN are eliminated and traffic of different VLANs is load shared over links. PVST uses RSTP BPDUs in the default VLAN and PVST BPDUs in other VLANs for spanning tree calculation. H3C PVST implements per-VLAN spanning tree calculation by mapping each VLAN to an MSTI.

MSTP

MSTP overcomes the following STP, RSTP, and PVST limitations:

·          STP limitations—STP does not support rapid state transition of ports. A newly elected port must wait twice the forward delay time before it transits to the forwarding state.

·          RSTP limitations—Although RSTP enables faster network convergence than STP, RSTP fails to provide load balancing among VLANs. As with STP, all RSTP bridges in a LAN share one spanning tree and forward frames from all VLANs along this spanning tree.

·          PVST limitations—Because each VLAN has its spanning tree, the amount of PVST BPDUs is proportional to the number of VLANs on a trunk or hybrid port. When the trunk or hybrid port permits too many VLANs, both resources and calculations for maintaining the VLAN spanning trees increase dramatically. If a status change occurs on the trunk or hybrid port that permits multiple VLANs, the device CPU will be overburdened with recalculating the affected spanning trees. As a result, network performance is degraded.

MSTP features

Developed based on IEEE 802.1s, MSTP overcomes the limitations of STP, RSTP, and PVST. In addition to supporting rapid network convergence, it allows data flows of different VLANs to be forwarded along separate paths. This provides a better load sharing mechanism for redundant links.

MSTP provides the following features:

·          MSTP divides a switched network into multiple regions, each of which contains multiple spanning trees that are independent of one another.

·          MSTP supports mapping VLANs to spanning tree instances by means of a VLAN-to-instance mapping table. MSTP can reduce communication overheads and resource usage by mapping multiple VLANs to one instance.

·          MSTP prunes a loop network into a loop-free tree, which avoids proliferation and endless cycling of frames in a loop network. In addition, it supports load balancing of VLAN data by providing multiple redundant paths for data forwarding.

·          MSTP is compatible with STP and RSTP, and partially compatible with PVST.

MSTP protocol frames

Figure 29 shows the format of an MSTP BPDU.

Figure 29 MSTP BPDU format

 

The first 13 fields of an MSTP BPDU are the same as an RSTP BPDU. The other six fields are unique to MSTP.

·          Protocol version IDThe value is 0x03 for MSTP.

·          BPDU typeThe value is 0x02 for RSTP/MSTP BPDUs.

·          Root IDID of the common root bridge.

·          Root path costCIST external path cost.

·          Bridge IDID of the regional root for the IST or an MSTI.

·          Port IDID of the designated port in the CIST.

·          Version3 lengthLength of the MSTP-specific fields. Devices use this field for verification upon receiving an MSTP BPDU.

·          MST configuration IDIncludes the format selector, configuration name, revision level, and configuration digest. The value for format selector is fixed at 0x00. The other parameters are used to identify the MST region for the originating bridge.

·          CIST IRPCInternal root path cost (IRPC) from the originating bridge to the root of the MST region.

·          CIST bridge IDID of the bridge that sends the MSTP BPDU.

·          CIST remaining IDRemaining hop count. This field limits the scale of the MST region. The regional root sends a BPDU with the remaining hop count set to the maximum value. Each device that receives the BPDU decrements the hop count by one. When the hop count reaches zero, the BPDU is discarded. Devices beyond the maximum hops of the MST region cannot participate in spanning tree calculation. The default remaining hop count is 20.

·          MSTI configuration messagesContains MSTI configuration messages. Each MSTI configuration message is 16 bytes. This field can contain 0 to 64 MSTI configuration messages. The number of the MSTI configuration messages is determined by the number of MSTIs in the MST region.

MSTP basic concepts

Figure 30 shows a switched network that contains four MST regions, each MST region containing four MSTP devices. Figure 31 shows the networking topology of MST region 3.

Figure 30 Basic concepts in MSTP 

 

Figure 31 Network diagram and topology of MST region 3

 

MST region

A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics:

·          A spanning tree protocol enabled

·          Same region name

·          Same VLAN-to-instance mapping configuration

·          Same MSTP revision level

·          Physically linked together

Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST region, as shown in Figure 30.

·          The switched network contains four MST regions, MST region 1 through MST region 4.

·          All devices in each MST region have the same MST region configuration.

MSTI

MSTP can generate multiple independent spanning trees in an MST region, and each spanning tree is mapped to the specific VLANs. Each spanning tree is referred to as a multiple spanning tree instance (MSTI).

In Figure 31, MST region 3 contains three MSTIs, MSTI 1, MSTI 2, and MSTI 0.

VLAN-to-instance mapping table

As an attribute of an MST region, the VLAN-to-instance mapping table describes the mapping relationships between VLANs and MSTIs.

In Figure 31, the VLAN-to-instance mapping table of MST region 3 is as follows:

·          VLAN 1 to MSTI 1.

·          VLAN 2 and VLAN 3 to MSTI 2.

·          Other VLANs to MSTI 0.

MSTP achieves load balancing by means of the VLAN-to-instance mapping table.

CST

The common spanning tree (CST) is a single spanning tree that connects all MST regions in a switched network. If you regard each MST region as a device, the CST is a spanning tree calculated by these devices through STP or RSTP.

The blue lines in Figure 30 represent the CST.

IST

An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default.

In Figure 30, MSTI 0 is the IST in MST region 3.

CIST

The common and internal spanning tree (CIST) is a single spanning tree that connects all devices in a switched network. It consists of the ISTs in all MST regions and the CST.

In Figure 30, the ISTs (MSTI 0) in all MST regions plus the inter-region CST constitute the CIST of the entire network.

Regional root

The root bridge of the IST or an MSTI within an MST region is the regional root of the IST or MSTI. Based on the topology, different spanning trees in an MST region might have different regional roots, as shown in MST region 3 in Figure 31.

·          The regional root of MSTI 1 is Device B.

·          The regional root of MSTI 2 is Device C.

·          The regional root of MSTI 0 (also known as the IST) is Device A.

Common root bridge

The common root bridge is the root bridge of the CIST.

In Figure 30, the common root bridge is a device in MST region 1.

Port roles

A port can play different roles in different MSTIs. As shown in Figure 32, an MST region contains Device A, Device B, Device C, and Device D. Port A1 and port A2 of Device A connect to the common root bridge. Port B2 and Port B3 of Device B form a loop. Port C3 and Port C4 of Device C connect to other MST regions. Port D3 of Device D directly connects to a host.

Figure 32 Port roles

 

MSTP calculation involves the following port roles:

·          Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port.

·          Designated port—Forwards data to the downstream network segment or device.

·          Alternate port—Acts as the backup port for a root port or master port. When the root port or master port is blocked, the alternate port takes over.

·          Backup port—Acts as the backup port of a designated port. When the designated port is invalid, the backup port becomes the new designated port. A loop occurs when two ports of the same spanning tree device are connected, so the device blocks one of the ports. The blocked port acts as the backup.

·          Edge port—Directly connects to a user host rather than a network device or network segment.

·          Master port—Acts as a port on the shortest path from the local MST region to the common root bridge. The master port is not always located on the regional root. It is a root port on the IST or CIST and still a master port on the other MSTIs.

·          Boundary port—Connects an MST region to another MST region or to an STP/RSTP-running device. In MSTP calculation, a boundary port's role on an MSTI is consistent with its role on the CIST. However, that is not true with master ports. A master port on MSTIs is a root port on the CIST.

Port states

In MSTP, a port can be in one of the following states:

·          Forwarding—The port receives and sends BPDUs, learns MAC addresses, and forwards user traffic.

·          Learning—The port receives and sends BPDUs, learns MAC addresses, but does not forward user traffic. Learning is an intermediate port state.

·          Discarding—The port receives and sends BPDUs, but does not learn MAC addresses or forward user traffic.

 

 

NOTE:

When in different MSTIs, a port can be in different states.

 

A port state is not exclusively associated with a port role. Table 10 lists the port states that each port role supports. (A check mark [√] indicates that the port supports this state, while a dash [—] indicates that the port does not support this state.)

Table 10 Port states that different port roles support

Port role (right)

Port state (below)

Root port/master port

Designated port

Alternate port

Backup port

Forwarding

Learning

Discarding

 

How MSTP works

MSTP divides an entire Layer 2 network into multiple MST regions, which are connected by a calculated CST. Inside an MST region, multiple spanning trees, called MSTIs, are calculated. Among these MSTIs, MSTI 0 is the IST.

Like STP, MSTP uses configuration BPDUs to calculate spanning trees. An important difference is that an MSTP BPDU carries the MSTP configuration of the bridge from which the BPDU is sent.

CIST calculation

During the CIST calculation, the following process takes place:

·          The device with the highest priority is elected as the root bridge of the CIST.

·          MSTP generates an IST within each MST region through calculation.

·          MSTP regards each MST region as a single device and generates a CST among these MST regions through calculation.

The CST and ISTs constitute the CIST of the entire network.

MSTI calculation

Within an MST region, MSTP generates different MSTIs for different VLANs based on the VLAN-to-instance mappings. For each spanning tree, MSTP performs a separate calculation process similar to spanning tree calculation in STP. For more information, see "Calculation process of the STP algorithm."

In MSTP, a VLAN frame is forwarded along the following paths:

·          Within an MST region, the frame is forwarded along the corresponding MSTI.

·          Between two MST regions, the frame is forwarded along the CST.

MSTP implementation on devices

MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol frames.

In addition to basic MSTP features, the following features are provided for ease of management:

·          Root bridge hold

·          Root bridge backup

·          Root guard

·          BPDU guard

·          Loop guard

·          TC-BPDU guard

·          Port role restriction

·          TC-BPDU transmission restriction

Rapid transition mechanism

In STP, a port must wait twice the forward delay (30 seconds by default) before it transits from the blocking state to the forwarding state. The forward delay is related to the hello time and network diameter. If the forward delay is too short, loops might occur. This affects the stability of the network.

RSTP, PVST, and MSTP all use the rapid transition mechanism to speed up port state transition for edge ports, root ports, and designated ports. The rapid transition mechanism for designated ports is also known as the proposal/agreement (P/A)_transition.

Edge port rapid transition

As shown in Figure 33, Port C3 is an edge port connected to a host. When a network topology change occurs, the port can immediately transit from the blocking state to the forwarding state because no loop will be caused.

Because a device cannot determine whether a port is directly connected to a terminal, you must manually configure the port as an edge port.

Figure 33 Edge port rapid transition

 

Root port rapid transition

When a root port is blocked, the bridge will elect the alternate port with the highest priority as the new root port. If the new root port's peer is in the forwarding state, the new root port immediately transits to the forwarding state.

As shown in Figure 34, Port C2 on Device C is a root port and Port C1 is an alternate port. When Port C2 transits to the blocking state, Port C1 is elected as the root port and immediately transits to the forwarding state.

Figure 34 Root port rapid transition

 

P/A transition

The P/A transition enables a designated port to rapidly transit to the forwarding state after a handshake with its peer. The P/A transition applies only to point-to-point links.

·          P/A transition for RSTP and PVST.

In RSTP or PVST, the ports on a new link or recovered link are designated ports in blocking state. When one of the designated ports transits to the discarding or learning state, it sets the proposal flag in its BPDU. Its peer bridge receives the BPDU and determines whether the receiving port is the root port. If it is the root port, the bridge blocks the other ports except edge ports. The bridge then replies an agreement BPDU to the designated port. The designated port immediately transits to the forwarding state upon receiving the agreement BPDU. If the designated port does not receive the agreement BPDU, it waits for twice the forward delay to transit to the forwarding state.

As shown in Figure 35, the P/A transition operates as follows:

a.    Device A sends a proposal BPDU to Device B through Port A1.

b.    Device B receives the proposal BPDU on Port B2. Port B2 is elected as the root port.

c.    Device B blocks its designated port Port B1 and alternate port Port B3 to eliminate loops.

d.    The root port Port B2 transits to the forwarding state and sends an agreement BPDU to Device A.

e.    The designated port Port A1 on Device A immediately transits to the forwarding state after receiving the agreement BPDU.

Figure 35 P/A transition for RSTP and PVST

 

·          P/A transition for MSTP.

In MSTP, an upstream bridge sets both the proposal and agreement flags in its BPDU. If a downstream bridge receives the BPDU and its receiving port is elected as the root port, the bridge blocks all the other ports except edge ports. The downstream bridge then replies an agreement BPDU to the upstream bridge. The upstream port immediately transits to the forwarding state upon receiving the agreement BPDU. If the upstream port does not receive the agreement BPDU, it waits for twice the forward delay to transit to the forwarding state.

As shown in Figure 36, the P/A transition operates as follows:

a.    Device A sets the proposal and agreement flags in its BPDU and sends it to Device B through Port A1.

b.    Device B receives the BPDU. Port B1 of Device B is elected as the root port.

c.    Device B then blocks all its ports except the edge ports.

d.    The root port Port B1 of Device B transits to the forwarding state and sends an agreement BPDU to Device A.

e.    Port A1 of Device A immediately transits to the forwarding state upon receiving the agreement BPDU.

Figure 36 P/A transition for MSTP

 

Protocols and standards

MSTP is documented in the following protocols and standards:

·          IEEE 802.1d, Media Access Control (MAC) Bridges

·          IEEE 802.1w, Part 3: Media Access Control (MAC) Bridges—Amendment 2: Rapid Reconfiguration

·          IEEE 802.1s, Virtual Bridged Local Area Networks—Amendment 3: Multiple Spanning Trees

·          IEEE 802.1Q-REV/D1.3, Media Access Control (MAC) Bridges and Virtual Bridged Local Area Networks —Clause 13: Spanning tree Protocols

Spanning tree configuration task lists

Before configuring a spanning tree, complete the following tasks:

·          Determine the spanning tree protocol to be used (STP, RSTP, PVST, or MSTP).

·          Plan the device roles (the root bridge or leaf node).

When you configure spanning tree protocols, follow these restrictions and guidelines:

·          The spanning tree configurations are mutually exclusive with any of the following features on a port: service loopback group, RRPP, and Smart Link.

·          Configurations made in system view take effect globally. Configurations made in Ethernet interface view take effect only on the interface. Configurations made in Layer 2 aggregate interface view take effect only on the aggregate interface. Configurations made on an aggregation member port can take effect only after the port is removed from the aggregation group.

·          After you enable a spanning tree protocol on a Layer 2 aggregate interface, the system performs spanning tree calculation on the Layer 2 aggregate interface. It does not perform spanning tree calculation on the aggregation member ports. The spanning tree protocol enable state and forwarding state of each selected member port is consistent with those of the corresponding Layer 2 aggregate interface.

·          The member ports of an aggregation group do not participate in spanning tree calculation. However, the ports still reserve their spanning tree configurations for participating in spanning tree calculation after leaving the aggregation group.

STP configuration task list

Tasks at a glance

Configuring the root bridge:

·         (Required.) Setting the spanning tree mode

·         (Optional.) Configuring the root bridge or a secondary root bridge

·         (Optional.) Configuring the device priority

·         (Optional.) Configuring the network diameter of a switched network

·         (Optional.) Setting spanning tree timers

·         (Optional.) Setting the timeout factor

·         (Optional.) Configuring the BPDU transmission rate

·         (Optional.) Enabling outputting port state transition information

·         (Required.) Enabling the spanning tree feature

Configuring the leaf nodes:

·         (Required.) Setting the spanning tree mode

·         (Optional.) Configuring the device priority

·         (Optional.) Setting the timeout factor

·  &