HPE Synergy 40Gb F8 Switch Module VLAN Configuration

HPE Synergy 40Gb F8 Switch Module
VLAN Configuration
Abstract
This document is intended for the person who configures HPE Synergy 40Gb F8 Switch Modules.
20141024a
March 2017
Edition: 1
© Copyright 2016, 2017 Hewlett Packard Enterprise Development LP
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the
express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett
Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for
information outside the Hewlett Packard Enterprise website.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use or copying. Consistent with FAR 12.211 and 12.212,
Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under
vendor’s standard commercial license.
Contents
CHAPTER 1:
VLAN CONFIGURATION__________________________________________ 1 Abstract ------------------------------------------------------------------------------------------ 1 CHAPTER 2:
INTRODUCTION ________________________________________________ 7 PURPOSE AND SCOPE .............................................................................................7 ACRONYMS ............................................................................................................7 REFERENCES .........................................................................................................8 DOCUMENT CONVENTIONS ......................................................................................8 GENERAL CONFIGURATIONS ....................................................................................8 CHAPTER 3:
PROTOCOL DESCRIPTION _______________________________________ 9 CHAPTER 4:
VLAN CONFIGURATION_________________________________________ 10 CONFIGURING GUIDELINES ....................................................................................10 DEFAULT CONFIGURATIONS ..................................................................................12 CONFIGURING STATIC VLAN .................................................................................12 DELETING A VLAN ................................................................................................15 ENABLING VLANS ................................................................................................15 Using the VLAN active Command ......................................................................15 ENABLING SERVICE LOOPBACK OF A VLAN............................................................15 DISABLING SERVICE LOOPBACK OF A VLAN ...........................................................16 CONFIGURING STATIC UNICAST ENTRY ..................................................................17 CONFIGURING STATIC MULTICAST ENTRY ..............................................................18 CONFIGURING VLAN LEARNING MODE AND TYPE ..................................................19 CONFIGURING DYNAMIC VLAN LEARNING..............................................................22 CONFIGURING DYNAMIC MULTICAST LEARNING ......................................................24 CONFIGURING RESTRICTED VLAN REGISTRATION .................................................26 CONFIGURING RESTRICTED GROUP REGISTRATION ................................................30 CHANGING THE FORWARDING MODE......................................................................33 Forward-all..........................................................................................................33 Forward-Unregistered ........................................................................................34 CLASSIFYING FRAMES TO A VLAN .........................................................................35 Port Based Classification ...................................................................................35 Port and Protocol Based Classification ..............................................................36 MAC Based Classification ..................................................................................37 ENABLING TUNNELING ON A PORT .........................................................................39 Tunneling of STP Packets ..................................................................................41 SERVICE CLASSES AND EXPEDITED TRAFFIC HANDLING .........................................41 Configuring VLAN Max Traffic Class ..................................................................42 Mapping Priority to Traffic Class ........................................................................42 CONFIGURING PORT FILTERING .............................................................................43 Configuring Acceptable Frametype ....................................................................43 Configuring Ingress Filtering ..............................................................................44 Configuring Filtering Utility Criteria .....................................................................46 Configuring WildCard Entry ................................................................................47 CONFIGURING VLAN COUNTER STATUS ................................................................47 CHAPTER 5:
BRIDGE MODE CONFIGURATION _________________________________ 48 CONFIGURING BRIDGE MODE DURING SYSTEM INITIALIZATION ................................49 CONFIGURING BRIDGE MODE DURING SYSTEM RUNTIME ........................................50 CHAPTER 6:
PROVIDER BRIDGE CONFIGURATIONS ___________________________ 51 CONFIGURING PROVIDER BRIDGE PORT TYPES ......................................................51 CONFIGURING C-VLAN COMPONENT ....................................................................52 Provider Edge Port Configurations .....................................................................52 1
Creating a Provider Edge Port ------------------------------------------------------------- 52 Setting the Operational Status of Provider Edge Port -------------------------------- 54 Configuring Provider Edge Port Parameters ------------------------------------------- 54 C-VLAN Component Spanning Tree Configurations..........................................56 Configuration of C-VLAN Component Spanning Tree Parameters --------------- 56 Configuring C-VLAN Spanning Tree Module Status --------------------------------- 56 CONFIGURING S-VLAN COMPONENT.....................................................................58 CONFIGURING A FLOW FOR 802.1AD BRIDGE PORT TYPE .......................................60 Achieving Connectivity through CEP..................................................................60 Achieving Transparent Connectivity through CNP (Port Based) .......................61 HANDLING PRIORITY IN PROVIDER BRIDGES ...........................................................61 Configuring PCP Encoding Table.......................................................................61 Configuring PCP Decoding Table ......................................................................62 Configuring PCP Selection Row.........................................................................63 Configuring Service Priority Regeneration Table ...............................................64 Configuring Use DEI ...........................................................................................65 CONFIGURING VLAN TRANSLATION TABLE ............................................................66 TUNNELING IN PROVIDER NETWORK ......................................................................68 Tunneling Spanning Tree Protocol .....................................................................68 Tunneling GVRP Protocol ..................................................................................69 Tunneling GMRP Protocol ..................................................................................69 Tunneling IGMP Protocol ...................................................................................69 Tunneling DOT1X Protocol ................................................................................69 Tunneling LACP Protocol ...................................................................................69 Configuring Tunnel MAC Address ......................................................................70 PROTOCOL TUNNELING IN CUSTOMER BRIDGES .....................................................71 CONFIGURING PORT MAC LEARNING STATUS AND LIMIT ........................................72 CONFIGURING STATIC MULTICAST MAC LIMIT .........................................................73 CONFIGURING ETHER TYPE SWAP TABLE ..............................................................73 CONFIGURING CUSTOMER PORT VLAN ID .............................................................74 CONFIGURING S-VLAN .........................................................................................75 CONFIGURING INGRESS AND EGRESS ETHER TYPE ................................................76 Configuring Additional Ingress Ether Types .......................................................77 Configuring Vlan Based Egress Ether Type .......................................................79 CONFIGURING PROPRIETARY PORT TYPES ............................................................81 CONFIGURING S-VLAN PRIORITY TYPE AND S-VLAN PRIORITY ................................82 CHAPTER 7:
CONFIGURATION OF ICMWITH MULTIPLE INSTANCE _______________ 84 DISPLAYING VARIOUS CONFIGURATIONS ................................................................87 CHAPTER 8:
FLOW BASED CONFIGURATION _________________________________ 88 CONFIGURING STATIC UNICAST ENTRY ..................................................................88 Configuration Guidelines ....................................................................................89 Default Configurations ........................................................................................89 CONFIGURING STATIC MULTICAST ENTRY ..............................................................90 Configuration Guidelines ....................................................................................90 Default Configurations ........................................................................................90 Configuration Steps ............................................................................................90 Dynamic VLAN Learning ....................................................................................92 Configuration Guidelines -------------------------------------------------------------------- 92 Default Configurations ----------------------------------------------------------------------- 93 Configuration Steps--------------------------------------------------------------------------- 93 Configuring Restricted VLAN Registration .........................................................94 Configuration Guidelines -------------------------------------------------------------------- 94 Default Configurations ----------------------------------------------------------------------- 94 Configuration Steps--------------------------------------------------------------------------- 94 Dynamic Multicast Group Learning ....................................................................96 2
CONTENTS
Configuration Guidelines -------------------------------------------------------------------- 96 Default Configurations ----------------------------------------------------------------------- 96 Configuration Steps--------------------------------------------------------------------------- 96 Configuring Restricted Group Registration ........................................................98 Configuration Guidelines -------------------------------------------------------------------- 98 Default Configurations ----------------------------------------------------------------------- 98 Configuration Steps--------------------------------------------------------------------------- 98 FORWARD–ALL ...................................................................................................101 Configuration Guidelines ..................................................................................101 Default Configurations ......................................................................................102 Configuration Steps ..........................................................................................102 CLASSIFYING VLAN ............................................................................................104 PVID Based Classification ................................................................................104 Configuration Guidelines ------------------------------------------------------------------- 104 Default Configurations ---------------------------------------------------------------------- 104 Configuration Steps-------------------------------------------------------------------------- 104 Port and MAC Based Classification .................................................................107 Configuration Guidelines ------------------------------------------------------------------- 108 Default Configurations ---------------------------------------------------------------------- 108 Configuration Steps-------------------------------------------------------------------------- 108 Port and protocol Based Classification.............................................................110 Configuration Guidelines ------------------------------------------------------------------- 110 Default Configurations ---------------------------------------------------------------------- 110 Configuration Steps-------------------------------------------------------------------------- 110 CONFIGURING ACCEPTABLE FRAME TYPES ..........................................................112 Configuration Guidelines ..................................................................................112 Default Configurations ......................................................................................113 Configuration Steps ..........................................................................................113 CONFIGURING INGRESS FILTERING ......................................................................115 Configuration Guidelines ..................................................................................115 Default Configurations ......................................................................................115 Configuration Steps ..........................................................................................115 CHAPTER 9:
FLOW BASED PROVIDER BRIDGE CONFIGURATION _______________ 117 CONFIGURING SERVICE USING C-VLAN BASED SERVICE INTERFACE AND PORTBASED SERVICE INTERFACE......................................................................118 Configuration Guidelines ..................................................................................118 Default Configurations ......................................................................................118 Configuration Steps ..........................................................................................118 TRANSLATING VLAN IN PROVIDER NETWORKS.....................................................126 Configuration Guidelines ..................................................................................126 Default Configurations ......................................................................................126 Configuration Steps ..........................................................................................127 CONFIGURING PCP DECODING AND ENCODING TABLE .........................................130 Configuration Guidelines ..................................................................................130 Default Configurations ......................................................................................130 Configuration Steps ..........................................................................................130 CONFIGURING PROVIDER EDGE PORT CONFIGURATIONS AND SERVICE PRIORITY
REGENERATION TABLE .............................................................................132 Configuration Guidelines ..................................................................................132 Default Configurations ......................................................................................132 Configuration Steps ..........................................................................................132 TUNNELING OF CUSTOMER STP PACKETS AND CUSTOMER GVRP PROTOCOL
PACKETS – PROVIDER BRIDGES ................................................................134 Configuration Guidelines ..................................................................................134 Default Configurations ......................................................................................135 Configuration Steps ..........................................................................................135 3
TUNNELING OF DOT1X PROTOCOL IN PROVIDER BRIDGES ....................................141 Configuration Guidelines ..................................................................................141 Default Configurations ......................................................................................141 Configuration Steps ..........................................................................................141 TUNNELING OF CUSTOMER STP PACKETS AND CUSTOMER GVRP PROTOCOL
PACKETS – CUSTOMER BRIDGES ..............................................................147 Configuration Guidelines ..................................................................................147 Default Configurations ......................................................................................147 Configuration Steps ..........................................................................................147 TUNNELING OF DOT1X PROTOCOL IN PROVIDER BRIDGES ....................................154 Configuration Guidelines ..................................................................................154 Default Configurations ......................................................................................155 Configuration Steps ..........................................................................................155 TUNNELING OF EOAM PROTOCOL IN PROVIDER BRIDGES ....................................160 Configuration Guidelines ..................................................................................160 Default Configurations ......................................................................................161 Configuration Steps ..........................................................................................161 INTEROPERABILITY BETWEEN 1AD BRIDGE AND Q-IN-Q BRIDGE ...........................165 Configuration Guidelines ..................................................................................165 Default Configurations ......................................................................................165 Configuration steps...........................................................................................165 CONFIGURING PORT UNICAST MAC STATUS AND MAC LIMIT .................................169 Configuration Guidelines ..................................................................................169 Default Configurations ......................................................................................169 Configuration Steps ..........................................................................................169 CONFIGURING VLAN UNICAST MAC STATUS AND MAC LIMIT ................................171 Configuration Guidelines ..................................................................................171 Default Configurations ......................................................................................171 Configuration Steps ..........................................................................................171 APPENDIX: A.
APPENDIX: ADDITIONAL INFORMATION _________________________ 173 A.1 Customer Controlled Provider Bridges ................................................173 A.2 Proprietary Provider Network Port .......................................................173 CHAPTER 10:
SUPPORT AND OTHER RESOURCES ____________________________ 174 ACCESSING HEWLETT PACKARD ENTERPRISE SUPPORT.......................................174 Information to collect ........................................................................................174 ACCESSING UPDATES ..........................................................................................174 WEBSITES ..........................................................................................................174 REMOTE SUPPORT ..............................................................................................175 4
Figures
Figure 1: Topology for VLAN Configuration ................................................................................................ 12 Figure 2: A Simple Deployment Scenario for 802.1ad Bridges ................................................................... 60 Figure 3: Setup for Configuring ICMwith MI ................................................................................................ 84 Figure 4: Topology 1.................................................................................................................................... 88 Figure 5: Topology 2.................................................................................................................................... 88 Figure 6: Dot1ad Bridge Configuration Topology ...................................................................................... 117 Figure 7: Topology 3.................................................................................................................................. 169 5
Tables
Table 1: Acronyms used in the document ..................................................................................................... 7 Table 2: Document Conventions ................................................................................................................... 8 Table 3: General Configurations ................................................................................................................... 8 Table 4: Default Configurations ................................................................................................................... 12 Table 5: Bridge Mode values in issnvram.txt............................................................................................... 49 Table 6: Configuration for Topology 1 ......................................................................................................... 88 Table 7: Configuration for Topology 2 ......................................................................................................... 88 6
Introduction
Purpose and Scope
The HPE VLAN product facilitates grouping of devices on different physical
LAN segments, which can communicate with each other as if they are all on
the same physical LAN segment, i.e. a network of computers that behave as
if they are connected to the same wire even though they may actually be
physically located on different segments of a LAN. VLANS are configured
through software rather than hardware, making them extremely flexible. This
document describes the configuration of VLAN on a switch running HPE ICM.
Acronyms
Table 1: Acronyms used in the document
Acronym
Explanation
BPDU
Bridge Protocol Data Unit
CEP
Customer Edge Port
CNP
Customer Network Port
CVID
Customer VLAN Id
C-VLAN
Customer VLAN
DEI
Drop Eligible Indicator
E-LAN
Multipoint to Multipoint connectivity
E-LINE
Point to Point connectivity
FID
Filtering Identifier
GARP
Generic Attribute Registration Protocol
GMRP
GARP Multicast Registration Protocol
GVRP
GARP VLAN Registration Protocol
ID
Identifier
ICM
Interconnect module
IVL
Independent VLAN Learning
LAN
Local Area Network
MI
Multiple Instance
PCB
Provider Core Bridge
PCEP
Proprietary Customer Edge Port
PCNP
Proprietary Customer Network Port
PCP
Priority Code Point
PEB
Provider Edge Bridge
PEP
Provider Edge Port
Acronym
Explanation
PNAC
Port Based Network Authentication Protocol
PNP
Provider Network Port
PPNP
Proprietary Provider Network Port
PVID
Port VLAN ID
RSTP
Rapid Spanning Tree Protocol
STP
Spanning Tree Protocol
SVL
Shared VLAN Learning
S-VLAN
Service VLAN
VID
VLAN Identifier
VLAN
Virtual Local Area Network
References
HPE Synergy 40Gb F8 Switch Module Command Line Interface (CLI) Guide
Document Conventions
Table 2: Document Conventions
Convention
Usage
Arial 10 Bold
CLI commands
Arial 10 Italics
User inputs for CLI commands
Courier New 10 Regular,
blue color
CLI command outputs

Notes / Guidelines / Pre-requisites
Output areas specific to the configuration
General Configurations
The following table provides the access and exit methods to various general
configuration modes.
Table 3: General Configurations
Command Mode
Access Method
Prompt
Exit method
User EXEC
This is the initial mode
to start a session.
switch>
The logout method is used.
Privileged EXEC
The User EXEC mode
command enable, is
used to enter the
Privileged EXEC mode.
switch#
To return from the
Privileged EXEC mode to
User EXEC mode, the
disable command is used.
Global Configuration
The Privileged EXEC
mode command
configure terminal, is
switch(config)#
To exit to the Global
Configuration Mode, the
exit command is used and
8
Command Mode
Access Method
used to enter the
Global Configuration
Mode.
Prompt
Exit method
to exit to the Privileged
EXEC mode, the end
command is used.
Interface
Configuration
The Global
Configuration Mode
command interface
<interfacetype><interface-id>, is
used to enter the
Interface Configuration
Mode.
switch(config-if)#
To exit to the Global
Configuration Mode, the
exit command is used and
to exit to the Privileged
EXEC mode, the end
command is used.
VLAN Configuration
The Global
Configuration Mode
command VLAN
<vlanid>, is used to
enter the VLAN
configuration mode
switch(config-vlan)#
To exit to the Global
Configuration Mode, the
exit command is used and
to exit to the Privileged
EXEC mode, the end
command is used
Protocol Description
Virtual LAN (VLAN) technology, defined under the IEEE 802.1q
specifications, allows enterprises to extend the reach of their corporate
networks across WAN. VLANs enable partitioning of a LAN based on
functional requirements, while maintaining connectivity across all devices on
the network. VLAN groups network devices and enable them to behave as if,
they are in one single network. Data security is ensured by keeping the data
exchanged between the devices of a particular VLAN within the same
network.
VLAN offers a number of advantages over traditional LAN. They are:
1. Performance
In networks with traffic consisting of a high percentage of broadcasts and
multicasts, VLAN minimizes the possibility of sending the broadcast and
multicast traffic to unnecessary destinations.
2. Formation of Virtual Workgroups
VLAN helps in forming virtual workgroups. During this period,
communication between the members of the workgroup will be high.
Broadcasts and multicasts can be restricted within the workgroup.
3. Simplified Administration
Most of the network costs are a result of adds, moves, and changes of
users in the network. Every time a user is moved in a LAN, recabling,
new station addressing, and reconfiguration of hubs and routers
becomes necessary. Some of these tasks can be simplified with the use
of VLANs.
4. Reduced Cost
VLANs can be used to create broadcast domains, which eliminate the
need for expensive routers.
5. Security
Sensitive data may be periodically broadcast on a network. Placing only
those users, who are allowed to access to such sensitive data on a VLAN
can reduce the chances of an outsider gaining access to the data. VLAN
can also be used to control broadcast domains, set up firewalls, restrict
access, and inform the network manager of an intrusion.
HPE VLAN logically segments the shared media LAN, forming virtual
workgroups. It redefines and optimizes the basic Transparent Bridging
functionalities such as learning, forwarding, filtering and flooding.
VLAN Configuration
The following sections describe the configuration of HPE VLAN running as a
part of HPE ICM.
Configuring Guidelines











VLAN is enabled in the switch by default. GVRP and GMRP must be
disabled prior to disabling VLAN.
The default interface - VLAN 1- cannot be deleted in the switch.
If port GVRP state is disabled, but global GVRP status is enabled, then
GVRP is disabled on current port. GVRP packets received on that port
will be discarded and GVRP registrations from other ports will not be
propagated on this port.
GARP cannot be started, if VLAN is shutdown, and GARP cannot be
shutdown, if GVRP and/or GMRP are enabled.
Mapping of forwarding database identifier (FID) to VLANs is successful
only when, VLAN learning mode is hybrid.
To configure a static unicast/multicast MAC address in the forwarding
database, VLAN must have been configured and member ports must
have been configured for the specified VLAN.
Bridge-mode status cannot be set to provider mode, if the protocol/MAC
based VLAN is enabled.
It is not possible to configure a port as trunk, if the port is an untagged
member of a VLAN.
To enable Dot1q-tunneling status, Bridge Mode must be set to 'provider'..
It is not possible to set the Dot1q-tunnel status on the port, if the port
mode is not 'access' type.
To enable Dot1q tunneling on a port 802.1X (PNAC), port control must
be force-authorized.
10



BPDU tunneling on the port cannot be set; if Dot1q tunnel status is
disabled.
Leave Timer must be two times greater than Join Timer, and Leaveall
Timer must be greater than Leave Timer.
NVE interface should not be mapped with VLAN using "ports" command
and NVE interface should not be removed from VLAN using "no ports"
command. Both mapping and un mapping of NVE interface with VLAN
should be done using VXLAN commands only.
Example:
1. NVE interface can be mapped with VLAN interface using the below
commands;
switch# configure terminal
switch(config)# interface nve1
switch(config-if)# source-interface vtep-ipv4 10.0.0.2
switch(config-if)# member vni 4096 static-vm-mac 00:04:02:03:04:01
remote-vtep-ipv4 10.0.0.3
switch(config-if)# no shutdown
switch(config-if)# end
switch# configure terminal
switch(config)# switch default
switch(config-switch)# vlan 100
switch(config-switch-vlan)# end
switch# configure terminal
switch(config)# interface vlan 100
switch(config-if)# member vni 4096
switch(config-if)# no shutdown
switch(config-if)# end
2. Mapping between VLAN 100 and NVE interface 1 can be viewed using
show vlan command
switch# show vlan
Vlan database
------------Vlan ID
: 100
Member Ports
: nve1
3. Once this mapping is done, NVE interface should not be removed using
the below commands
switch# configure terminal
switch(config)# switch default
switch(config-switch)# vlan 100
switch(config-switch-vlan)# no ports nve 1
switch(config-switch-vlan)# end
Default Configurations
Table 4: Default Configurations
Feature
Default Setting
VLAN Module status
Enable
Default VLAN Id configured in the switch
1
Mac based VLAN Classification
Disabled
Protocol-VLAN based classification
Enabled
System and port level GVRP and GMRP
Module status
Enabled
Mac address table aging time
300 seconds
Acceptable frame types
All (Accepts untagged frames or priority-tagged frames
or tagged frames received on the port)
Ingress filtering
Disabled
Switch port priority
0
Switch port mode
Hybrid
GARP Timers
Join: 20 seconds
Leave: 60 seconds
Leave all: 1000 seconds
Max traffic classes
Maximum number of traffic classes supported on a port
is 8
Tunneling
Disabled
 In case of Provider Bridges, the default configurations and configuration guidelines
are provided in the relevant subsection itself.
A
P2
P1
B
P1
Host A
Figure 1: Topology for VLAN Configuration
Configuring Static VLAN
Static VLAN entries can be configured with the required number of member
ports, untagged ports and forbidden ports. The following configuration deals
with the creation of member ports.
1. Execute the following commands to configure Static VLAN entry in the
switch.
 Enter the Global Configuration Mode.
12
switch# configure terminal
 Enter the VLAN Configuration Mode (for VLAN 2).
switch(config)# vlan 2
 Add member ports for VLAN.
switch(config-vlan)# ports TwentyGigE 0/1/1-5 untagged
TwentyGigE 0/1/3
Member ports represent the set of ports permanently assigned to the
VLAN egress list. Frames belonging to the specified VLAN are
forwarded to the ports in the egress list.
If the port type is not explicitly specified as untagged, then all the
ports are configured to be of tagged port type allowing transmission
of frames with the specified VLAN tag. The untagged setting allows
the port to transmit the frames without a VLAN tag. This setting is
used to configure a port connected to an end user device.
In the above example, the packets for the interface TwentyGigE 0/1/3
are transmitted without the tag. On all the other ports, the packets
are transmitted with the tag.
 Configure port 1 as forbidden port.
switch(config-vlan)# ports TwentyGigE 0/1/1-5 forbidden
TwentyGigE 0/1/1
Alternatively, the forbidden setting prevents the port from
participating in the specified VLAN activity and ensures that, any
dynamic requests for the port to join the VLAN will be ignored.
 Exit from the configuration mode.
switch(config)# end
2. View the VLAN information by executing the following command.
switch# show vlan summary
Number of VLANs: 2
The output displays the number of VLANs in a switch.
3. View the configuration details of all the VLANs by executing the following
show command.
switch# show vlan
VLAN database
------------VLAN ID
: 1
Member Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/11, Gi0/12
Gi0/17, Gi0/18
Gi0/23, Gi0/24
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Untagged Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------VLAN ID
: 2
Member Ports
: Gi0/2, Gi0/3, Gi0/4, Gi0/5
Untagged Ports
: None
Forbidden Ports
: Gi0/1
Name
:
Status
: Permanent
---------------------------------------------------4. View the configuration details of a particular VLAN by executing the
following command.
switch# show vlan id 2
Vlan database
------------Vlan ID
: 2
Member Ports
: TwentyGigE0/1/1
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
Egress Ethertype
: 0x8100
Service Loopback Status
: Disabled
VLAN database
------------VLAN ID
: 2
Member Ports
: Gi0/2, Gi0/3, Gi0/4, Gi0/5
Untagged Ports
: None
Forbidden Ports
: Gi0/1
14
Name
:
Status
: Permanent
-------------------------------------------------
Deleting a VLAN
It is possible to delete a VLAN from the VLAN list using the no vlan <vlanid(1-4094)> Global Configuration Mode command.
switch(config)# no vlan 4
 The default VLAN - VLAN 1 - cannot be deleted.
Enabling VLANs
A VLAN can be made active in two ways:


By adding a member port to a VLAN (refer section Configuring Static ) or
By using the vlan active command.
Using the VLAN active Command
The vlan active command is used to make a VLAN active in the switch.

Enter the Global Configuration Mode.
switch#configure terminal

Configure VLAN 2 in the switch.
switch(config)# vlan 2

Execute the following command to enable VLAN.
switch(config-vlan)# vlan active
 If the VLAN active command is used without configuring the member ports, then
VLAN will have zero member ports.
Enabling Service Loopback of a VLAN
1. To configure a VLAN in loopback mode, use the vlan loopback enable
command in VLAN Configuration Mode.
switch#configure terminal
switch(config)# vlan 2
switch(config-vlan)# vlan loopback enable
switch(config-vlan)# end
2. View the service loopback Status of a VLAN by executing the following
command
switch# show vlan
Vlan database
-------------
Vlan ID
: 2
Member Ports
: TwentyGigE0/1/1
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
Egress Ethertype
: 0x8100
Service Loopback Status
: Enabled
---------------------------------------------------Vlan ID
: 1
Member Ports
: TwentyGigE0/1/1
Untagged Ports
: TwentyGigE0/1/1
Forbidden Ports
: None
Name
:
Status
: Permanent
Egress Ethertype
: 0x8100
Service Loopback Status
: Enabled
---------------------------------------------------VLAN database
------------VLAN ID
: 2
Member Ports
: Gi0/2, Gi0/3, Gi0/4, Gi0/5
Untagged Ports
: None
Forbidden Ports
: Gi0/1
Name
:
Status
: Permanent
Egress Ethertype
: 0x8100
Service Loopback Status
: Enabled
Disabling Service Loopback of a VLAN
1. To disable VLAN loopback status, use the vlan loopback disable
command in VLAN Configuration Mode.
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)# vlan loopback disable
switch(config-vlan)# end
2. View the service loopback Status of a VLAN by executing the following
command
16
switch# show vlan
Vlan database
------------Vlan ID
: 2
Member Ports
: TwentyGigE0/1/1
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
Egress Ethertype
: 0x8100
Service Loopback Status
: Disabled
---------------------------------------------------Vlan ID
: 1
Member Ports
: TwentyGigE0/1/1
Untagged Ports
: TwentyGigE0/1/1
Forbidden Ports
: None
Name
:
Status
: Permanent
Egress Ethertype
: 0x8100
Service Loopback Status
: Disabled
---------------------------------------------------VLAN database
------------VLAN ID
: 2
Member Ports
: Gi0/2, Gi0/3, Gi0/4, Gi0/5
Untagged Ports
: None
Forbidden Ports
: Gi0/1
Name
:
Status
: Permanent
Egress Ethertype
: 0x8100
Service Loopback Status
: Disabled
Configuring Static Unicast Entry
Configuring a Static Unicast Entry requires the VLAN to be configured and
the member ports for that specified VLAN must also be configured.
1. Execute the following commands to configure a Static Unicast Entry in
the VLAN table.
 Enter the Global Configuration Mode.
switch#configure terminal
 Configure VLAN 2 in the switch.
switch(config)# vlan 2
 Configure a static VLAN entry with the required type of ports.
switch(config-vlan)#ports TwentyGigE 0/1/1 untagged
TwentyGigE 0/1/2
 Exit from the Config-VLAN Mode.
switch(config-vlan)#exit
 Configure a static unicast MAC address in the forwarding database.
switch(config)# mac-address-table static unicast
22:22:22:22:22:22 vlan 2 recv-port TwentyGigE 0/1/1 interface
TwentyGigE 0/1/1
2. View the configuration details by executing the following command.
switch# show mac-address table static unicast
VLAN
Mac Address
RecvPort Status
Ports
----
-----------
-------- ------
-----
2
22:22:22:22:22:22
Gi0/1
Permanent
Gi0/2
Total Mac Addresses displayed: 1
Configuring Static Multicast Entry
To configure a Static Multicast Entry for a specified VLAN, the VLAN must
have been configured prior and the member ports for that VLAN must also be
configured.
1. Execute the following commands to configure Static Multicast Entry in the
VLAN table.
 Enter the Global Configuration Mode.
switch#configure terminal
 Configure VLAN 2 in the switch.
switch(config)# vlan 2
 Configure a static VLAN entry with the required type of ports.
switch(config-vlan)#ports TwentyGigE 0/1/1 untagged
TwentyGigE 0/1/2
 Exit from the Config-VLAN mode.
switch(config-vlan)#exit
 Configure static Multicast MAC address in the forwarding database.
switch(config)# mac-address-table static multicast
01:02:03:04:05:06 vlan 2 recv-port TwentyGigE 0/1/1 interface
TwentyGigE 0/1/1
2. View the configuration details by executing the following show command.
switch# show mac-address table static multicast
18
Static Multicast Table
---------------------VLAN
: 2
Mac Address
: 01:02:03:04:05:06
Receive Port
: Gi0/1
Member Ports
: Gi0/2
Forbidden Ports :
Status
: Permanent
-----------------------------------------------Total Mac Addresses displayed: 1
Configuring VLAN Learning Mode and Type
By default, the VLAN learning mode is IVL (Independent VLAN Learning).
1. Execute the following commands to change the default learning mode to
hybrid.
 Enter the Global Configuration Mode.
switch# configure terminal
 Configure the VLAN Learning Mode as Hybrid.
switch(config)#vlan learning mode hybrid
 Exit from the configuration mode.
switch(config)#end
2. View the VLAN device information by executing the following command.
switch# show vlan device info
VLAN device configurations
-------------------------VLAN Status
: Enabled
VLAN Oper status
: Enabled
Gvrp status
: Enabled
Gmrp status
: Enabled
Gvrp Oper status
: Enabled
Gmrp Oper status
: Enabled
Mac-VLAN Status
: Disabled
Protocol-VLAN Status
: Enabled
Bridge Mode
: Customer Bridge
Traffic Classes
: Enabled
VLAN Operational Learning Mode
: Hybrid
Version number
: 1
Max VLAN id
: 4094
Max supported VLANs
: 1024
switch# show fid detail
Default Learning Type
: IVL
Fid VLAN mapping information
---------------------------Fid
VLANs
: 1
: 1,
---------------------------Fid
VLANs
: 2
: 2,
---------------------------Fid
VLANs
: 3
: 3,
---------------------------Fid
VLANs
: 4
: 4,
---------------------------Fid
VLANs
: 5
: 5,
---------------------------Fid
VLANs
: 6
: 6,
----------------------------------------------------------------------------------Fid
VLANs
: 4094
: 4094
---------------------------3. Execute the following command to configure the learning type.
switch(config)# vlan default hybrid type svl
4. Exit from the configuration mode.
switch(config)# end
5. View the configuration changes by executing the following show
command.
switch# show fid detail
20
Default Learning Type
: SVL
Fid VLAN mapping information
---------------------------Fid
VLANs
: 1
: 1,2,3,4,
5,6,7,8,9,
10,11,12,13,14,
15,16,17,18,19,
20,21,22,23,24,
25,26,27,28,29,
30,31,32,33,34,
35,36,37,38,39,
40,41,42,43,44,
45,46,47,48,49,
50,51,52,53,54,
55,56,57,58,59,
60,61,62,63,64,
65,66,67,68,69,
70,71,72,73,74,
75,76,77,78,79,
80,81,82,83,84,
85,86,87,88,89,
-,-,-,-,-,4094,
---------------------------Fid
VLANs
: 2
:
---------------------------Fid
VLANs
: 3
:
---------------------------Fid
VLANs
: 4
:
---------------------------Fid
VLANs
: 5
:
----------------------------
Fid
: 6
VLANs
:
------------------------------------------------------------------------------------------------Fid
: 4094
VLANs
:
----------------------------
Configuring Dynamic VLAN Learning
By default, GVRP is enabled globally, and can be enabled/disabled on a perport basis. If GVRP is disabled globally in the switch, then use the CLI
command “set gvrp enable” in the Global Configuration Mode to enable
GVRP globally or use the “set port gvrp interface interface id enable” to
enable GVRP on an interface in the Global Configuration Mode. If GVRP is
disabled globally or on a particular port, then dynamic learning of VLAN will
not take place globally or on that specified port accordingly. By default, all
ports in a switch are created (but only port 1 is up) and added as member
ports of default VLAN 1.
Refer Figure 1 for setup. In Switch A P1 is configured to be a member port of
VLAN 2.
1. Execute the following commands in Switch A.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enter the Interface Configuration Mode for interface 2 and make the
interface up.
switch(config)#interface TwentyGigE 0/1/2
switch(config-if)#no shutdown
 Exit from the Interface Configuration Mode.
switch(config-if)#exit
 Configure VLAN 2 in the switch.
switch(config)#vlan 2
 Configure VLAN 2 as static VLAN with the required type of ports.
switch(config-vlan)#ports TwentyGigE 0/1/1 untagged
TwentyGigE 0/1/1
 Exit from the Interface Configuration Mode.
22
switch(config-vlan)# end
2. View the VLAN information by executing the following show command.
switch# show vlan
The output in Switch A is,
VLAN database
------------VLAN ID
: 1
Member Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Untagged Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------VLAN ID
: 2
Member Ports
: Gi0/1
Untagged Ports
: Gi0/1
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------The output in switch B is,
VLAN database
------------VLAN ID
: 1
Member Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Untagged Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------VLAN ID
: 2
Member Ports
: Gi0/1
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Dynamic Gvrp
Configuring Dynamic Multicast Learning
By default, GMRP is enabled globally and can be enabled/disabled on a perport basis. If GMRP is disabled globally in the switch, then use the CLI
command “set gmrp enable” in the Global Configuration Mode to enable
GMRP globally or use the “set port gmrp interface interface id enable”
command in the Global Configuration Mode. If GMRP is disabled on a port or
globally, then dynamic multicast learning will not take place globally or on
that port. By default, all ports in a switch are created (but only port 1 is up)
and added as member ports of default VLAN 1.
Refer Figure 1 for setup.
1. Execute the following commands in Switch A to configure static Multicast
MAC address.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enter the Interface Configuration Mode (for interface 2) and make the
interface up.
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# no shutdown
24
 Exit from the Interface Configuration Mode.
switch(config-if)# exit
 Configure static Multicast MAC address.
switch(config)# mac-address-table static multicast
01:02:03:04:05:06 vlan 1 recv-port TwentyGigE 0/1/1 interface
TwentyGigE 0/1/2
2. View the MAC-address table details by executing the following show
command.
switch# show mac-address-table static multicast
Static Multicast Table
---------------------VLAN
: 1
Mac Address
: 01:02:03:04:05:06
Receive Port
: Gi0/1
Member Ports
: Gi0/2
Forbidden Ports :
Status
: Permanent
-----------------------------------------------Total Mac Addresses displayed: 1
3. Execute the following commands in switch B.
 Enter the Global Configuration Mode.
switch# configure terminal
 Disable GMRP globally on the device.
switch(config)# set gmrp disable
 Return to Privileged EXEC Mode.
switch(config)# end
4. View the MAC-Address-Table details by executing the following show
command.
switch# show mac-address-table
VLAN
Mac Address
Type
Ports
----
-----------
----
-----
1
00:01:02:03:04:02
Learnt
Gi0/1
Total Mac Addresses displayed: 1
5. Execute the following commands to enable GMRP globally in switch B.
switch# configure terminal
switch(config)# set gmrp enable
switch# show mac-address-table
VLAN
Mac Address
Type
Ports
----
-----------
----
-----
1
00:01:02:03:04:02
Learnt
Gi0/1
1
01:02:03:04:05:06
Learnt
Gi0/1
Total Mac Addresses displayed: 2
Configuring Restricted VLAN Registration
By default, restricted VLAN registration is disabled on a port. If restricted
VLAN registration is enabled on a port, then VLAN is learnt dynamically on
that port, only if the specific VLAN is statically configured in the switch. If
restricted VLAN registration rules are disabled, then GVRP packets are
processed normally and VLANs are learnt dynamically even if they are not
statically configured in the switch.
Refer Figure 1 for setup. In Switch A, P1 is configured to be member port of
VLANs 2 and 3.
1. View the VLAN information before configuring restricted VLAN
registration.
The Output in switch A is,
switch# show vlan
Switch default
Vlan database
------------Vlan ID
: 2
Member Ports
: TwentyGigE0/1/1
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
Egress Ethertype
: 0x8100
Service Loopback Status
: Disabled
---------------------------------------------------Vlan ID
: 1
Member Ports
: TwentyGigE0/1/1
Untagged Ports
: TwentyGigE0/1/1
Forbidden Ports
: None
Name
:
Status
: Permanent
Egress Ethertype
: 0x8100
Service Loopback Status
: Disabled
----------------------------------------------------
26
VLAN database
------------VLAN ID
: 1
Member Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Untagged Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------VLAN ID
: 2
Member Ports
: Gi0/1
Untagged Ports
: Gi0/1
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------VLAN ID
: 3
Member Ports
: Gi0/1
Untagged Ports
: Gi0/1
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------The output in switch B is,
switch# show vlan
VLAN database
------------VLAN ID
: 1
Member Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Untagged Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------VLAN ID
: 2
Member Ports
: Gi0/1
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Dynamic Gvrp
------------------------------------------VLAN ID
: 3
Member Ports
: Gi0/1
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Dynamic Gvrp
--------------------------------------------2. Execute the following commands in Switch B to enable restricted VLAN
registration.
 Enter the Global Configuration Mode.
switch# configure terminal
28
 Enable Restricted VLAN registration on a port.
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# vlan restricted enable
3. View the configuration details after enabling VLAN registration.
switch# show vlan
VLAN database
------------VLAN ID
: 1
Member Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Untagged Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------4. Create VLAN 2 in switch B.
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1
switch# show vlan
VLAN database
------------VLAN ID
: 1
Member Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/11, Gi0/12
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Untagged Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------VLAN ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
 Since VLAN 2 is statically configured in switch B, VLAN 2 is learnt dynamically on
port 1 of switch B, even though restricted VLAN registration is enabled.
Configuring Restricted Group Registration
By default, port level restricted group registration is disabled. If this feature is
enabled, then multicast group attribute/service requirement attribute is learnt
dynamically on a port, only if the specific multicast group attribute/service
requirement attribute is statically configured in the switch. If restricted group
registration rules are disabled, then the GMRP packets are processed
normally and the multicast group attribute/service requirement attributes are
learnt dynamically, even if they are not statically configured in the switch.
Refer Figure 1 for setup.
1. Execute the following commands in switch A to configure static multicast
MAC Address.
 Enter the Global Configuration Mode.
switch#configure terminal
 Configure static multicast entry with the required ports.
switch(config)# mac-address-table static multicast
01:02:03:04:05:06 vlan 1 recv-port TwentyGigE 0/1/1 interface
TwentyGigE 0/1/2
switch(config)#end
30
2. View the Static Multicast Table by executing the following show
command.
switch# show mac-address table static multicast
Static Multicast Table
---------------------VLAN
: 1
Mac Address
: 01:02:03:04:05:06
Receive Port
: Gi0/1
Member Ports
: Gi0/2
Forbidden Ports :
Status
: Permanent
-----------------------------------------------3. View the statically configured multicast entry by executing the following
show command:
switch# show mac-address-table
Switch default
Vlan
Mac Address
----
Type
ConnectionId
-----------
Ports
----
-----------
-----
1
14:02:ec:c8:88:38 Learnt
TwentyGigE0/1/1
1
14:02:ec:c8:88:39 Learnt
TwentyGigE0/1/1
1
5c:b9:01:47:c4:79 Learnt
FortyGigE0/0/8
1
5c:b9:01:47:c4:7e Learnt
FortyGigE0/0/7
Total Mac Addresses displayed: 4
The output in switch A is,
VLAN
Mac Address
Type
Ports
----
-----------
----
-----
1
00:02:02:03:04:01
port 1 mac address)
Learnt
Gi0/2 (Switch B
1
Static
Gi0/2
01:02:03:04:05:06
Total Mac Addresses displayed: 2
The output in Switch B is,
switch# show mac-address-table
VLAN
Mac Address
Type
Ports
----
-----------
----
-----
1
00:01:02:03:04:02
port 2 mac address)
Learnt
1
01:02:03:04:05:06
address configured
Gi0/1 (In switch A
Learnt
Gi0/1 (group mac
In switch A)
Total Mac Addresses displayed: 2
4. Execute the following commands to enable restricted group registration in
Switch B.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enable restricted group registration on a port.
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# group restricted enable
switch(config-if)#end
5. View the configuration details after enabling restricted group registration.
switch# show mac-address-table
VLAN
Mac Address
Type
Ports
----
-----------
----
-----
1
00:01:02:03:04:02
Learnt
Gi0/1
Total Mac Addresses displayed: 1
6. Create static multicast MAC address by executing the following
commands.
 Enter the Global Configuration Mode.
switch# configure terminal
 Configure static multicast entry with the required ports.
switch(config)# mac-address-table static multicast
01:02:03:04:05:06 vlan 1 recv-port TwentyGigE 0/1/1 interface
TwentyGigE 0/1/1
 Exit from the Global Configuration Mode.
switch(config)#end
7. View the MAC Address Table details by executing the following show
command.
switch# show mac-address-table
VLAN
Mac Address
Type
Ports
----
-----------
----
-----
1
00:01:02:03:04:02
Learnt
Gi0/1
1
01:02:03:04:05:06
Static
Gi0/1,Gi0/2
Total Mac Addresses displayed: 2
32
 As the group-mac address 01:02:03:04:05:06 is statically configured in switch B, it is
learnt dynamically on port 1 of switch B, even though restricted group registration is
enabled.
Changing the Forwarding Mode
The following sections describe the configuration of Forwarding Mode for a
VLAN.
Forward-all
The forward-all information for a VLAN specifies the set of ports on that
VLAN to which, all multicast packets must be forwarded.
1. Execute the following commands to configure a set of ports as forwardall.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enter the VLAN Configuration mode (for VLAN 4).
switch(config)# vlan 4
 Configure member ports for VLAN 4.
switch(config-vlan)#port TwentyGigE 0/1/2-4
 Configure the forward-all information for the member ports of VLAN
4.
switch(config-vlan)# forward-all static-ports TwentyGigE 0/1/2
forbidden-ports TwentyGigE 0/1/4
2. View the configuration information by executing the following show
command.
switch# show forward-all
VLAN Forward All Table
-----------------------VLAN ID : 1
ForwardAll Ports
:
ForwardAll Static Ports
:
ForwardAll ForbiddenPorts :
---------------------------------------------------VLAN ID : 4
ForwardAll Ports
: Gi0/2
ForwardAll Static Ports
: Gi0/2
ForwardAll ForbiddenPorts : Gi0/4
-----------------------------------------------------
 Forbidden ports are the set of ports in a VLAN, configured by the user over which,
the multicast group-addressed frames are not forwarded.
Forward-Unregistered
Forward unregistered information for a VLAN specifies the set of ports for
that VLAN, which does not have specific forwarding information.
1. Execute the following commands to configure the forward unregistered
information for a VLAN.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enter the VLAN Configuration mode (for VLAN 4).
switch(config)# vlan 4
 Configure member ports for VLAN 4.
switch(config-vlan)#port TwentyGigE 0/1/1-4
 Configure the forward-unregistered information for VLAN 4.
switch(config-vlan)# forward-unregistered static-ports
TwentyGigE 0/1/1 forbidden-ports TwentyGigE 0/1/1
switch(config-vlan)# end
2. View the configuration information by executing the following command.
switch# show forward-unregistered
VLAN Forward Unregistered Table
--------------------------------VLAN ID : 1
Unreg ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/16, Gi0/17, Gi0/18
Gi0/22, Gi0/23, Gi0/24
Unreg Static Ports
Gi0/5, Gi0/6
Gi0/13, Gi0/14, Gi0/15,
Gi0/19, Gi0/20, Gi0/21,
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/16, Gi0/17, Gi0/18
Gi0/22, Gi0/23, Gi0/24
Gi0/13, Gi0/14, Gi0/15,
Gi0/19, Gi0/20, Gi0/21,
Unreg Forbidden Ports :
-----------------------------------------------------VLAN ID : 4
Unreg ports
: Gi0/1
Unreg Static Ports
: Gi0/1
34
Unreg Forbidden Ports : Gi0/4
------------------------------------------------------
Classifying Frames to a VLAN
As per the IEEE standards, rules are defined for classifying the frames in a
VLAN. VLAN classification is accomplished by associating a VLAN ID with
each port on the switch. Optionally, frames can be classified according to the
protocol identifier contained within the frame. Frame classification priority
begins with VLAN Tag; followed by MAC based, protocol match, and finally
the PVID.
Port Based Classification
In port-based classification, the VLAN ID associated with an untagged or
priority-tagged frame is determined, based on the port on which the frame
arrives. Port-based classification requires the association of a specific VLAN
ID, the port VLAN identifier (PVID) with each port.
 A port can be a member of only one port-based VLAN.
 If PVID value has not been explicitly configured for a port, then PVID assumes a
default value of 1.
1. Execute the following commands to configure the PVID that is assigned
to untagged/priority-tagged frames.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enter the Interface Configuration Mode for port TwentyGigE 0/1/5.
switch(config)# interface TwentyGigE 0/1/5
 Configure the PVID that is to be assigned to untagged/priority-tagged
frames.
switch(config-if)# switchport pvid
2. View the configuration details by executing the following show command.
switch# show vlan port config port TwentyGigE 0/1/5
VLAN Port configuration table
------------------------------Port Gi0/5
Port VLAN ID
: 4
Port Acceptable Frame Type
: Admit All
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
00:00:00:00:00:00
:
Port Restricted VLAN Registration
: Disabled
Port Restricted Group Registration
: Disabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
--------------------------------------------------
Port and Protocol Based Classification
All untagged and priority-tagged frames received by a port are classified as
belonging to a VLAN, the VID (the PVID) of which is associated with the Portprotocol group/higher layer protocol for the port.
1. Execute the following commands to configure protocol-based VLAN
classification.
 Enter the Global Configuration Mode.
switch# configure terminal
 Configure the group ID for a specific encapsulation and protocol
value combination.
switch(config)# map protocol ip enet-v2 protocols-group 10
This command adds IP protocol and frame of type Enet-V2 to
protocol group 10.
2. View the configuration details by executing the following show command.
switch# show vlan protocols-group
Protocol Group Table
------------------------------------------------------------Frame Type
Protocol
Group
-----------------------------------------Enet-v2
IP
10
-----------------------------------------3. Map the protocol group configured to a particular VLAN identifier and to
the specified interface.
switch(config)# interface gigabitethernet 0/7
switch(config-if)# switchport map protocols-group 10 vlan 4
 The above configuration classifies the IP packets received on the interface
gigabitethernet 0/ 7 to VLAN 4.
switch# show protocol-vlan
Port Protocol Table
--------------------------------------
36
Port
Group
VLAN ID
-------------------------------------Gi0/7
10
4
--------------------------------------
MAC Based Classification
In MAC based classification, a set of MAC addresses is formed to define a
VLAN. Classification of the VLAN ID of the received packet is done based on
the source address of the packet.
1. Execute the following commands to enable MAC based classification for
all the available interfaces of VLAN.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enable MAC-based VLAN for all the available interfaces of the
VLAN.
switch(config)# mac-vlan
2. View the configuration details by executing the following show command.
switch# show vlan device info
VLAN device configurations
-------------------------VLAN Status
: Enabled
VLAN Oper status
: Enabled
Gvrp status
: Enabled
Gmrp status
: Enabled
Gvrp Oper status
: Enabled
Gmrp Oper status
: Enabled
Mac-VLAN Status
: Enabled
Protocol-VLAN Status
: Enabled
Bridge Mode
: Customer Bridge
Traffic Classes
: Enabled
VLAN Operational Learning Mode
: IVL
Version number
: 1
Max VLAN id
: 4094
Max supported VLANs
: 1024
3. Execute the following commands to enable MAC-based VLAN learning
on a port.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enter the Interface Configuration Mode for port TwentyGigE 0/1/1.
switch(config)# interface TwentyGigE 0/1/1
 Enable MAC based VLAN for the port TwentyGigE 0/1/1.
switch(config-if)# port mac-vlan
 Exit from the configuration mode.
switch(config-if)# end
4. View the configuration details by executing the following show command.
switch# show vlan port config port TwentyGigE 0/1/1
VLAN Port configuration table
------------------------------Port Gi0/2
Port VLAN ID
: 1
Port Acceptable Frame Type
: Admit All
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
00:00:00:00:00:00
:
Port Restricted VLAN Registration
: Disabled
Port Restricted Group Registration
: Disabled
Mac Based Support
: Enabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
-------------------------------------------------5. Configure the VLAN-MAC address mapping.
switch(config)# mac-map 00:11:22:33:44:55 vlan 1
6. View the configuration details by executing the following show command.
switch# show mac-vlan
Mac Map Table
-------------Mac Address
VLAN ID
-----------
-------
00:11:22:33:44:55
1
38
The above configuration enables packets from the source
00:11:22:33:44:55 to be classified to VLAN 1.
Enabling Tunneling on a Port
 Bridge mode must be set to ‘provider’ for dot1q-tunneling status to be enabled on an
interface.
 Before configuring the bridge mode, spanning tree and GARP must be shutdown.
 This feature is available only in ICMMetro Package.
1. Execute the following commands to shutdown GARP and spanning tree.
switch(config)# set gvrp disable
switch(config)# set gmrp disable
switch(config)# shutdown garp
switch(config)# shutdown spanning-tree
2. Configure the bridge mode of the Switch.
switch(config)# bridge-mode provider
3. Enable GARP and spanning tree.
switch(config)# no shutdown garp
switch(config)# set gvrp enable
switch(config)# set gmrp enable
switch(config)# spanning-tree mode mst
switch# show vlan device info
VLAN device configurations
-------------------------VLAN Status
: Enabled
VLAN Oper status
: Enabled
Gvrp status
: Enabled
Gmrp status
: Enabled
Gvrp Oper status
: Enabled
Gmrp Oper status
: Enabled
Mac-VLAN Status
: Disabled
Protocol-VLAN Status
: Enabled
Bridge Mode
: Provider Bridge
Traffic Classes
: Enabled
VLAN Operational Learning Mode
: IVL
Version number
: 1
Max VLAN id
: 4094
Max supported VLANs
: 1024
 To enable dot1q-tunneling on a specified port:
Port acceptable frame-type must be untaggedAndPrioritytagged
Port must be configured in access mode
GVRP, GMRP, STP must be disabled on that port.
4. Execute the following command to disable GVRP on a port.
switch(config)# set port gvrp TwentyGigE 0/1/1 disable
5. Execute the following command to disable GMRP on a port.
switch(config)# set port gmrp TwentyGigE 0/1/1 disable
switch(config)# interface TwentyGigE 0/1/1
6. Configure the Switch port acceptable frame-type as
untaggedAndPrioritytagged
switch(config-if)# switchport acceptable-frame-type
untaggedAndPrioritytagged
7. Configure the Switch port mode as access.
switch(config-if)# switchport mode access
8. Execute the following command to disable STP on a port
switch(config-if)# spanning-tree disable
9. Enable Dot1q-tunneling on a specified interface.
switch(config-if)# switchport mode Dot1q-tunnel
10. View the configuration details by executing the following show command.
switch# show vlan port config port TwentyGigE 0/1/1
VLAN Port configuration table
------------------------------Port Gi0/1
Port VLAN ID
Port Acceptable Frame Type
Untagged and Priority tagged
: 1
: Admit Only
Port Ingress Filtering
: Disabled
Port Mode
: Access
Port Gvrp Status
: Disabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
00:00:00:00:00:00
:
Port Restricted VLAN Registration
: Disabled
Port Restricted Group Registration
: Disabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
--------------------------------------------------
40
switch# show Dot1q-tunnel interface TwentyGigE 0/1/1TwentyGigE
0/1/1
Interface
--------Gi0/1
Tunneling of STP Packets
BPDU tunneling can be enabled on a port, if Dot1q tunneling is enabled on
that port.
1. Execute the following commands to enable tunneling of STP BPDUs.
 Enter the Global Configuration Mode.
switch# configure terminal
 Configure the VLAN port mode.
switch(config-if)# switchport mode access
 Enable Dot1q-tunneling on the specified interface.
switch(config-if)# switchport mode Dot1q-tunnel
 Disable spanning tree on the specified interface.
switch(config-if)#spanning-tree disable
% Spanning Tree is shutdown
 Enable tunneling of STP BPDUs on the interface.
switch(config-if)# l2protocol-tunnel stp
2. View the configuration details by executing the following show command.
switch# show l2protocol-tunnel
COS for Encapsulated STP Packet : 7
Port Protocol
Counter
Encapsulation Counter
Decapsulation
---- --------------
---------------------
--------------
Gi0/1
stp
0
0
Gi0/1
gvrp
0
0
Service Classes and Expedited Traffic Handling
HPE VLAN supports multiple traffic classes to handle expedited traffic. Each
traffic class is assigned a traffic type based on the time sensitiveness of the
traffic. The aim is to meet the latency and throughput requirement of timecritical traffic in a LAN environment, where both time-critical and non-timecritical traffic compete for the network bandwidth.
Each priority tagged data frame received carries priority information. This
information is used to map the traffic to one of the supported Traffic classes
for a given outbound port. Based on the selected Traffic class, the frame is
scheduled for outbound transmission.
Configuring VLAN Max Traffic Class
It is possible to configure the maximum number of traffic classes supported
on a port.
1. Execute the following commands to configure the maximum number of
traffic classes supported on a port.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enter the Interface Configuration Mode.
switch(config)# interface TwentyGigE 0/1/2
 Configure the maximum number of traffic classes that can be
supported on a port.
switch(config-if)# vlan max-traffic-class 4
2. View the configuration information by executing the following show
command.
switch# show vlan traffic-classes port TwentyGigE 0/1/1
Traffic Class table
--------------------Port
Priority
Traffic Class
-----
---------
-------------
Gi0/2
0
1
Gi0/2
1
0
Gi0/2
2
0
Gi0/2
3
1
Gi0/2
4
2
Gi0/2
5
2
Gi0/2
6
3
Gi0/2
7
3
Mapping Priority to Traffic Class
It is possible to map a priority to a traffic class on the specified port. The
frame received on the interface with the configured priority is processed in
the configured traffic class.
1. Execute the following commands to map a priority to a traffic class.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enter the Interface Configuration Mode.
switch(config)# interface TwentyGigE 0/1/2
 Map the priority to traffic class.
switch(config-if)# vlan map-priority 7 traffic-class 1
42
2. View the configuration information by executing the following show
command.
switch# show vlan traffic-classes port TwentyGigE 0/1/2
Traffic Class table
--------------------Port
Priority
Traffic Class
-----
---------
-------------
Gi0/2
0
1
Gi0/2
1
0
Gi0/2
2
0
Gi0/2
3
1
Gi0/2
4
2
Gi0/2
5
2
Gi0/2
6
3
Gi0/2
7
1
Configuring Port Filtering
Configuring Acceptable Frametype
It is possible to configure the acceptable frame type for the port as one of the
following:



1.
All frames
Tagged frames
Untagged and priority tagged frames.
Execute the following commands to configure the acceptable frame type
for the port.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enter the Interface Configuration Mode and configure the frame type
of the port as “tagged” for that interface.
switch(config)# interface TwentyGigE 0/1/2
switch(config-if)# switchport acceptable-frame-type tagged
2. View the configuration information by executing the following show
command.
switch# show vlan port config port TwentyGigE 0/1/1
VLAN Port configuration table
------------------------------Port Gi0/2
Port VLAN ID
: 1
Port Acceptable Frame Type
Tagged
: Admit Only VLAN
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
00:00:00:00:00:00
:
Port Restricted VLAN Registration
: Disabled
Port Restricted Group Registration
: Disabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
----------------------------------------------------
 When set to “tagged”, the device will discard untagged and priority tagged frames
received on the port and will process only the VLAN tagged frames.
Configuring Ingress Filtering
Enabling Ingress Filtering on a port does not allow frames for a VLAN from a
port, which is not the member port of that particular VLAN.
1. Execute the following commands to enable ingress filtering on a port.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enter the Interface Configuration Mode and enable ingress filtering
for that interface.
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# switchport ingress-filter
switch(config-if)# end
2. View the configuration details by executing the following show command.
switch# show vlan port config port TwentyGigE 0/1/1
Switch default
Vlan Port configuration table
------------------------------Port TwentyGigE0/1/1
Bridge Port Type
Port
: Customer Bridge
44
Port Vlan ID
: 1
Port Acceptable Frame Type
: Admit All
Port Mac Learning Status
: Enabled
Port Ingress Filtering
: Enabled
Port Mode
: Hybrid
Mac Based Support
: Disabled
Subnet Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
Filtering Utility Criteria
: Default
Port Protected Status
: Disabled
Ingress EtherType
: 0x8100
Egress EtherType
: 0x8100
Egress TPID Type
: Portbased
Allowable TPID 1
: 0x0
Allowable TPID 2
: 0x0
Allowable TPID 3
: 0x0
-----------------------------------------------------VLAN Port configuration table
------------------------------Port Gi0/1
Port VLAN ID
: 1
Port Acceptable Frame Type
: Admit All
Port Ingress Filtering
: Enabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
00:00:00:00:00:00
:
Port Restricted VLAN Registration
: Disabled
Port Restricted Group Registration
: Disabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
-----------------------------------------------------
Configuring Filtering Utility Criteria
Filtering Utility Criteria can be configured as Default or Enhanced .By
default, the Filtering Utility criteria will be selected as Default.
1. Execute the following commands to change filtering utility criteria on a
port.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enter the Interface Configuration Mode and change filtering utility
criteria for that interface.
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# switchport filtering-utility-criteria enhanced
2. View the configuration details by executing the following show command.
switch# show vlan port config port TwentyGigE 0/1/1
Vlan Port configuration table
------------------------------Port Gi0/1
Port Vlan ID
: 1
Port Acceptable Frame Type
: Admit All
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
00:00:00:00:00:00
:
Port Restricted Vlan Registration
: Disabled
Port Restricted Group Registration
: Disabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
Tunnel Status
: Disabled
Dot1x Protocol Tunnel Status
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Peer
GVRP Protocol Tunnel Status
: Peer
GMRP Protocol Tunnel Status
: Peer
IGMP Protocol Tunnel Status
: Peer
Filtering Utility Criteria
: Enhanced
46
Port Protected Status
: Disabled
--------------------------------------------------
Configuring WildCard Entry
If WildCard entry is present and there is no static entry configured in the
switch for received destination MAC address and VLAN, then frame will be
forwarded on wildcard egress ports.
Refer Figure 1 for setup.
1. Execute the following commands in switch A to configure static multicast
MAC Address.
 Enter the Global Configuration Mode.
switch#configure terminal
 Configure wildcard entry with the required egress ports.
switch(config)# wildcard mac-address 00:01:02:03:04:05
interface TwentyGigE 0/1/1
2. View the configured WildCard entry by executing the following show
command.
switch# show wildcard mac-address 00:01:02:03:04:05
Wild Card Entries:
-----------------Mac Address
-----------
Ports
-------------------
00:01:02:03:04:05
Gi0/1
Configuring VLAN Counter Status
Counter status can be enabled/ disabled per VLAN
1. Execute the following commands to configure the vlan counter status.
 Enter the Global Configuration Mode.
switch# configure terminal
 Enter the VLAN Configuration Mode and configure the counter status
of the vlan
switch(config)# vlan 1
switch(config-vlan)# set vlan counter enable
Switch(config-vlan)# end
2. View the configuration by executing the following show command.
switch# show vlan statistics
Switch default
Software Statistics Disabled
Unicast/broadcast Vlan statistics
------------------------------------Vlan Statistics Collection is Enabled
Vlan Id
: 1
Unicast frames received
: 0
Mcast/Bcast frames received
: 0
Unknown Unicast frames flooded
: 0
Unicast frames transmitted
: 0
Broadcast frames transmitted
: 0
In Frames
: 65
In Bytes
: 8424
Out Frames
: 44
Out Bytes
: 7256
Discard Frames
: 0
Discard Bytes
: 0
------------------------------------Vlan Statistics Collection is Disabled
------------------------------------Software Statistics Enabled
Unicast/broadcast Vlan statistics
------------------------------------Vlan Id
: 1
Unicast frames received
: 0
Mcast/Bcast frames received
: 0
Unknown Unicast frames flooded
: 0
Unicast frames transmitted
: 0
Broadcast frames transmitted
: 0
Vlan Statistics Collection is Enabled
When set to “enabled”, the device will start collecting the statistics for the
specified Vlan.
Bridge Mode Configuration
The Provider Bridging feature of VLAN Module in ICMenables a service
provider to offer an equivalent of separate VLANs to a number of separate
customers. Transparent communication between different customer networks
48
at different locations through the provider networks is achieved through the
Provider Bridges.
In ICM, Layer2 stacks act as a Customer Bridge or Provider Bridge. An
Administrator chooses the type of bridge during the system initialization or
when the system is running.
The following are the different kinds of Provider Bridges:



Provider Bridge (Q-in-Q Bridge)
Provider Edge Bridge
Provider Core Bridge
Q-in-Q Bridge is a type of proprietary bridge in which transparent
communication between the customer networks is possible using the
customer tags.
Configuring Bridge Mode during System Initialization
During system initialization, ICMtakes the value of bridge mode from
issnvram.txt. The Administrator configures the type of bridge in issnvram.txt.
The values of bridge mode in issnvram.txt are as follows:
Table 5: Bridge Mode values in issnvram.txt
Bridge Mode
Value in issnvram.txt
Customer Bridge
1
Provider Bridge (q-in-q Bridge)
2
Provider Edge Bridge
3
Provider Core Bridge
4
 In this document, the term Dot1ad Bridges refers to Provider Edge Bridge and
Provider Core Bridge. The term Q-in-Q Bridges refers to Provider Bridge.
IP_ADDRESS
=10.0.0.1
IP_MASK
=255.0.0.0
INTERFACE
=Slot0/1
MGMT_PORT
=NO
RM_INTERFACE
=NONE
PIM_MODE
=2
BRIDGE_MODE
=3
SNOOP_FORWARD_MODE
=2
SAVE_FLAG
=1
RES_FLAG
=0
RES_OPTION
=1
RES_FILE_NAME
=iss.conf
CONSOLE_CLI
=1
Configuring Bridge Mode during System Runtime
The Bridge mode is also configured at runtime. The following conditions
apply, when Bridge mode is changed during runtime:
1. Spanning Tree must be in shut down state.
2. GARP Module must be in shut down state. GVRP and GMRP protocols
must be in disabled state.
After changing the bridge mode, the above modules (STP, GARP) are
started.
 Enter the Global Configuration mode.
switch#configure terminal
 Shutdown Spanning tree.
switch(config)# shutdown spanning-tree
 Disable the GVRP module.
switch(config)# set gvrp disable
 Disable the GMRP module.
switch(config)# set gmrp disable
 Shutdown the GARP module.
switch(config)# shutdown garp
 Change the bridge mode to provider-core bridge.
switch(config)# bridge-mode provider-core
switch(config)# end
3. View the current bridge mode of the switch by executing the following
command
switch# show vlan device info
Vlan device configurations
-------------------------Vlan Status
: Enabled
Vlan Oper status
: Enabled
Gvrp status
: disabled
Gmrp status
: disabled
Gvrp Oper status
: disabled
Gmrp Oper status
: disabled
Mac-Vlan Status
: Disabled
Protocol-Vlan Status
: Enabled
Bridge Mode
: Provider Core Bridge
Traffic Classes
: Enabled
Vlan Operational Learning Mode : IVL
Version number
: 1
Max Vlan id
: 4094
50
Max supported vlans
: 1024
Provider Bridge Configurations
The aim of IEEE 802.1ad Provider Bridges is to leverage Ethernet in Metro
Ethernet Networks. It also enables a service provider to provide multiple
services on a single port using the architecture and protocols of IEEE
802.1Q.
As per the standard, bridges are classified into VLAN Bridge (Customer
Bridge or C-VLAN Bridge), S-VLAN Bridge (Provider Core Bridge) and
Provider Edge Bridge.
A bridge is logically subdivided into the following components:


S-VLAN component.
C-VLAN component.
Configuring Provider Bridge Port Types
In Provider Bridges (Provider Edge Bridge or Provider Core Bridge), a port is
configured as one of the following port types:







Customer Edge Port (Applicable only for Provider Edge Bridge)
Customer Network Port - Port Based
Customer Network Port – Stag Based
Provider Network Port (Default Port Type)
Proprietary Customer Edge Port
Proprietary Customer Network Port
Proprietary Provider Network Port
1. When a port type is changed, all the configurations related to that port are
automatically removed.
2. Port type is not configured for a port channel, if some ports are
aggregated (configured as part for port-channel) in it.
 Enter the Global Configuration mode.
switch#configure terminal
 Enter the interface configuration mode.
switch(config)# interface TwentyGigE 0/1/1
 Configure the bridge port type for port 1 as customerNetworkPort
(Port-based).
switch(config-if)#bridge port-type customerNetworkPort portbased
switch(config-if)#end
3. View the port type configuration for port 1 by executing the following
command.
switch#show provider-bridge port config port TwentyGigE 0/1/1
Provider Bridge Port configuration table
----------------------------------------Port Gi0/1
Port Type
Network Port(Port-Based)
Dot1x Protocol Tunnel Status
: Customer
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Tunnel
GVRP Protocol Tunnel Status
: Tunnel
GMRP Protocol Tunnel Status
: Tunnel
IGMP Protocol Tunnel Status
: Tunnel
Service Vlan Classification
: PVID
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x88a8
EtherType Swap Status
: Disable
Service Vlan Translation Status
: Disable
Require Drop Encoding
: False
Use_Dei
: False
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 150
----------------------------------------------------
 The Proprietary Port is explained in the section 0
Configuring C-VLAN Component
A Provider Edge Bridge comprises of a single S-VLAN component and zero
or many C-VLAN component, whereas Provider Core Bridge comprises of
only one S-VLAN component.
Configuring a port as Customer Edge Port results in creating a C-VLAN
component. The VLAN port number of the Customer Edge Port uniquely
identifies the C-VLAN component. A C-VLAN component in Provider Edge
Bridge comprises of a single Customer Edge Port and many Provider Edge
Ports. An Instance of RSTP runs on every C-VLAN component in the
Provider Edge Bridge considering CEP and PEPs as bridge ports.
Provider Edge Port Configurations
Creating a Provider Edge Port
The CVID Registration table provides mapping between a C-VLAN and a SVLAN. Many C-VLANs are mapped to a single service instance (S-VLAN).
Mapping the first C-VLAN to S-VLAN, results in creation of a Provider Edge
52
Port. Provider Edge Ports are logical ports, which are used to establish the
connectivity of C-VLAN component to the S-VLAN component.
VLAN Customer Edge Port and S-VLAN ID uniquely identify the Provider
Edge Ports.
For More Information about Provider Edge Port refer section 12.13 and
12.13.3 of IEEE 802.1ad Draft 6.0.
1. To create a Provider Edge Port
 Enter the Global Configuration mode.
switch#configure terminal
 Enter the interface configuration mode.
switch(config)# interface TwentyGigE 0/1/2TwentyGigE 0/1/1
 Configure the bridge port type for port 2 as customer Edge Port.
switch(config-if)# bridge port-type customerEdgePort
 Configure the CVID Registration table to create a Provider Edge Port
for service VLAN 2.
switch(config-if)#switchport customer-vlan 5 service-vlan 2
untagged-pep false untagged-cep true
switch(config-if)#end
2. View the CVID Registration table by executing the following command.
switch# show service vlan cvlan
Switch - default
Service Vlan Classification
------------------------------Service Vlan Port
Customer Vlan
Untag-pep
Untag-cep
----------------------------------------------------2
Gi0/2
5
false
True
switch# show provider-bridge pep configuration
Provider Edge Port configuration
------------------------------------Switch - default
Port Gi0/2
Service VLAN-ID
: 2
Port VLAN-ID
: 5
Acceptable Frame Type
: Admit all
Ingress Filtering
: Disabled
Default Priority
: 0
COS Preservation
Oper status
: Disabled
: Down
----------------------------------------------------
Setting the Operational Status of Provider Edge Port
For every service instance, a Provider Edge Port is created. VLAN Customer
Edge Port ID and S-VLAN ID identify Provider Edge Ports.
A Provider Edge Port is made operationally up only if the following conditions
are met:

Customer Edge Port of the corresponding C-VLAN component is
operationally up.
 S-VLAN corresponding to this Provider Edge Port is active.
1. Execute the following commands
 Enter the Global Configuration mode.
switch#configure terminal
 Enter the switch configuration mode.
switch(config)# switch default
 Enter the VLAN 2 configuration mode.
switch(config-switch)# vlan 2
 Configure the VLAN 2 as active.
switch(config-switch-vlan)# vlan active
 switch(config-switch-vlan)#end
2. View the operational status of provider edge port by executing the
following command.
switch# show provider-bridge pep configuration
Provider Edge Port configuration
------------------------------------Switch - default
Port Gi0/2
Service VLAN-ID
: 2
Port VLAN-ID
: 5
Acceptable Frame Type
: Admit all
Ingress Filtering
: Disabled
Default Priority
: 0
COS Preservation
Oper status
: Disabled
: Up
----------------------------------------------------
Configuring Provider Edge Port Parameters
Even though the Provider Edge Port is a logical port, this port has limited
parameters similar to the physical port.
The Provider Edge Port has the following parameters to configure:
1. PVID
2. Default User Priority
3. Acceptable Frame types
54
4. Ingress Filtering
Refer Provider Edge Port Configuration table [12.13.3.2] in IEE 802.1ad draft
6.0.
The following are the default values of Provider Edge Port Configuration
table:

PVID – PVID for PEP is the first C-VLAN ID mapped to the service
instance to which this PEP caters.
 Default User Priority – Zero.
 Ingress Filtering - Disabled.
 Acceptable Frame Types – Admit All.
1. Execute the following commands,
 Enter the Global Configuration mode
switch#configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/2
 Configure the PVID for Provider Edge Port as 10
switch(config-if)# service-vlan 2 pvid 10
 Configure the default user priority for Provider Edge Port as 5
switch(config-if)# service-vlan 2 def-user-priority 5
 Enable the Ingress filtering for the Provider Edge Port
switch(config-if)# service-vlan 2 ingress-filter enable
 Configure the acceptable frame type for provider Edge Port as
`Admit only Tagged`
switch(config-if)# service-vlan 2 acceptable-frame-type tagged
switch(config-if)#end
2. View the Provider Edge Port configurations by executing the following
command
switch# show provider-bridge pep configuration
Provider Edge Port configuration
------------------------------------Switch - default
Port Gi0/2
Service VLAN-ID
: 2
Port VLAN-ID
: 10
Acceptable Frame Type
Tagged
: Admit only VLAN
Ingress Filtering
: Enabled
Default Priority
: 5
COS Preservation
: Disabled
Oper status
: Up
----------------------------------------------------
C-VLAN Component Spanning Tree Configurations
An instance of Rapid Spanning tree with changes mentioned in section 13 of
IEEE 802.1ad D6.0 runs on a C-VLAN component. When a Port is configured
as CEP, the S-VLAN Spanning Tree disables this port VLAN and is active
only in C-VLAN Spanning Tree. For the Spanning Tree instance running on
the C-VLAN component, the CEP and PEPs of the corresponding C-VLAN
component are the bridge ports.
The Spanning Tree running on a C-VLAN component is viewed as:
switch# show customer spanning-tree
Switch default
Port [Gi0/2]
We are the root of the Spanning Tree
Root Id
Priority
65535
Address
00:01:02:03:04:02
Cost
0
Root Ports
Delay 0 Sec
Hello Time 2 Sec, Max Age 0 Sec, Forward
Customer Spanning Tree Enabled Protocol RSTP
Bridge Id
Priority 65535
Address 00:01:02:03:04:02
Delay 15 sec
Name
Role
----
----
PEP-Service: 2
SharedLan
CEP-Gi0/2
SharedLan
Hello Time 2 sec, Max Age 20 sec, Forward
State
----Designated
Cost
Prio
Type
----
----
------
Forwarding
128
32
Designated
Forwarding
200000
32
-------------------------------------------------------
Configuration of C-VLAN Component Spanning Tree Parameters
None of the C-VLAN Spanning Tree parameters are configured. C-VLAN
Component Spanning Tree uses the values given in the standard (Section 13
of IEEE 802.1ad D6.0). The only configuration that is allowed in a C-VLAN
Component Spanning Tree is to enable or disable the C-VLAN Spanning
Tree.
Configuring C-VLAN Spanning Tree Module Status
1. C-VLAN Spanning Tree is enabled or disabled by configuring the
Spanning Tree status of the CEP.
56
 Enter the Global Configuration mode
switch#configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/2
 Disable the Customer spanning tree by disabling the spanning tree
on the port 2
switch(config-if)# spanning-tree disable
switch(config-if)#end
2. View the customer spanning tree by executing the following command
switch# show customer spanning-tree
Switch default
Port [Gi0/2] Root Id
Priority
0
Address
00:00:00:00:00:00
Cost
0
Root Ports
Hello Time 2 Sec, Max Age 20 Sec,
Forward Delay 15 Sec
Customer Spanning tree Protocol has been disabled
Bridge Id
Priority 65535
Address 00:01:02:03:04:02
Hello Time 2 sec, Max Age 0 sec,
Forward Delay 15 sec
Name
Prio
Type
Role
State
Cost
-------
------
----
-----
----
PEP-Service: 2
32
SharedLan
Disabled
Unknown
128
CEP-Gi0/2
32
SharedLan
Disabled
Unknown
200000
---------------------------------------------------The Customer Spanning-Tree is viewed as:
switch# show customer spanning-tree
Switch default
Port [Gi0/2]
We are the root of the Spanning Tree
Root Id
Priority
65535
Address
00:01:02:03:04:02
Cost
0
Root Ports
Hello Time 2 Sec, Max Age 0 Sec,
Forward Delay 0 Sec
Customer Spanning Tree Enabled Protocol RSTP
Bridge Id
Priority 65535
Address 00:01:02:03:04:02
Hello Time 2 sec, Max Age 20 sec,
Forward Delay 15 sec
Name
Prio
Type
Role
State
Cost
-------
------
----
-----
----
PEP-Service: 2
32
SharedLan
Designated
Forwarding
128
CEP-Gi0/2
32
SharedLan
Designated
Forwarding
200000
-----------------------------------------------------
Configuring S-VLAN Component
S-VLAN component comprises of ports other than Customer Edge Ports and
Provider Edge ports.
1. Configure S-VLAN as follows:
 Enter the global configuration mode
switch# config terminal
 Enter the switch configuration mode
switch(config)# switch default
 Enter the VLAN 2 configuration mode
switch(config-switch)# vlan 2
 Configure the Member ports for the Service VLAN 2
switch(config-switch-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-switch-vlan)# end
2. View the service VLAN by executing the following command
switch#show vlan brief
switch# show vlan id 2
Switch default
Vlan database
------------Vlan ID
: 2
58
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: Gi0/2
Forbidden Ports
: None
Name
:
Status
: Permanent
ServiceType
: E-LAN
MacLearning Status
: Enabled
----------------------------------------------------
 A Provider Network Port (PNP) is not configured as untagged port of a S-VLAN.
S-VLAN Component Spanning Tree is a Multiple Instance Spanning Tree or
a Rapid Spanning Tree.
A S-VLAN Spanning Tree is viewed as:
switch# show spanning-tree
Switch default
Root Id
Priority
32768
Address
00:01:02:03:04:01
Cost
0
Port
0 [0]
This bridge is the root
Max age 20 Sec, forward delay 15 Sec
MST00
Spanning tree Protocol Enabled.
S-VLAN Component: MST00 is executing the mstp
compatible Multiple Spanning Tree Protocol
Bridge Id
Priority
Address
32768
00:01:02:03:04:01
Max age is 20 sec, forward delay is 15
sec
Name
Type
Role
State
Cost
Prio
-------
----
-----
----
----
Gi0/1
Designated
SharedLan
Forwarding
200000
128
Gi0/2
Disabled
SharedLan
Discarding
200000
128
--
Configuring a Flow for 802.1ad Bridge Port Type
In Figure 2, CB1 and CB2 are the Customer Bridges transparently connected
through the Provider Network PB1 and PB2.
PB1
P2
P2
PB2
P1
P1
CB2
CB1
Figure 2: A Simple Deployment Scenario for 802.1ad Bridges
Switch PB1:
MAC Address: 00:01:02:03:04:01
VLAN 1 - 10.0.0.1/255.0.0.0
Switch PB2:
MAC Address: 00:02:02:03:04:01
VLAN 1 – 10.0.0.2 /255.0.0.0
Switch CB1:
MAC Address: 00:03:02:03:04:01
VLAN 1 – 10.0.0.10/255.0.0.0
Switch CB2:
MAC Address: 00:04:02:03:04:01
VLAN 1 – 10.0.0.20/255.0.0.0
Achieving Connectivity through CEP
The connectivity through CEP is achieved as follows:
1. Configure PB1 and PB2 as Provider Edge Bridge.
2. Configure CB1 and CB2 as Customer Bridges.
3. Create VLANVLAN 5 with member ports as P1, P2 in CB1 and CB2,
4. Configure PB1 and PB2 as follows:
 P1 as Customer Edge Port
 C-VID registration entry configuration for port P1 is as follows:
switchport customer-vlan 5 service-vlan 2 untagged-pep false
untagged-cep false
 S- VLAN 2 with member ports as P1, P2, with P1 as untagged port.
Now the C-VLAN tagged packets with VLANVLAN ID as 5 reaches port P1 of
CB2 sent from port P1 of CB1.
60
Achieving Transparent Connectivity through CNP (Port Based)
The connectivity through CNP (Port Based) is achieved as follows:
1. Configure PB1 and PB2 as Provider Edge Bridge.
2. Configure CB1 and CB2 as Customer Bridges.
3. Create VLANVLAN 5 with member ports as P1, P2 in CB1 and CB2.
4. Configure the following in PB1 and PB2:
 P1 as Customer Network Port (Port Based)
 S-VLAN 2 with member ports as P1, P2 with P1 as untagged port.
 PVID of the port P1 as VLAN 2.
Now the C-VLAN tagged packets with VLANVLAN ID as 5, reaches port P1
of CB2 sent from port P1 of CB1.
Handling Priority in Provider Bridges
Priority and drop_eligible parameters are encoded in the priority code point
(PCP) field of the VLAN tag using Priority Code Point Encoding Table.
On packet reception, priority and drop_eligible parameters are decoded from
the PCP field of the VLAN tag using Priority Code Point Decoding Table.
Configuring PCP Encoding Table
For each port, the PCP Encoding table has 16 entries corresponding to each
of the possible combinations of eight possible values of priority (0-7) with two
possible values of drop_eligible (True or False). The input for the PCP
Encoding table is PCP Selection Row, Priority and Drop_Eligible, and the
output for the PCP Encoding table is PCP Value.
Whenever a packet has to be sent out on a S-Tagged port, the PCP
Encoding table provides the value of the PCP in the S-Tag. For configuring
the Priority Encoding table, the rules provided under section 6.7.3 is applied
for the input values.
1. Configure PCP Encoding table as:
 Enter the Global Configuration mode
switch# configure terminal
 Enter the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the PCP Encoding table by executing the following
command
switch(config-if)# pcp-encoding 8POD priority 5 drop-eligible
false pcp 6
switch(config-if)# end
2. View the PCP Encoding table by executing the following command
switch# show provider-bridge pcp encoding
Pcp Encoding Table
-------------------------------------
Switch - default
Port Gi0/1
----------DropEligible: 0 0DE 1 1DE 2 2DE 3 3DE 4 4DE 5 5DE 6
6DE 7 7DE
Priority
:
-----------------------------------------------------8POD
6 7
: 0
0
1
1
2
2
3
3
4
7P1D
7 7
: 0
0
1
1
2
2
3
3
5 4
6P2D
7 7
: 0
0
1
1
3
2
3
2
5
4
5
4
6
6
5P3D
7 7
: 1
0
1
0
3
2
3
2
5
4
5
4
6
6
7
4
6
5
5
4
6
6
6
Port Gi0/2
----------DropEligible: 0 0DE 1 1DE 2 2DE 3 3DE 4 4DE 5 5DE 6
6DE 7 7DE
Priority
:
-----------------------------------------------------8POD
7 7
: 0
0
1
1
2
2
3
3
4
4
5
5
6
6
7P1D
7 7
: 0
0
1
1
2
2
3
3
5
4
5
4
6
6
6P2D
7 7
: 0
0
1
1
3
2
3
2
5
4
5
4
6
6
5P3D
7 7
: 1
0
1
0
3
2
3
2
5
4
5
4
6
6
Configuring PCP Decoding Table
For each port, the PCP Decoding table has eight entries corresponding to
each of the possible PCP values. The input for the PCP Decoding table is
PCP Selection Row and PCP Value, and the output for the PCP Decoding
table is Priority and Drop Eligible.
Whenever a packet is received on a port with S-Tag, the PCP Decoding table
provides the value of the Priority and Drop-Eligible for the packet.
For configuring the Priority Decoding table, the rules provided under section
6.7.3 is applied for the input values.
1. Configuration of PCP Decoding table:
 Enter the global configuration mode
switch# configure terminal
62
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the PCP Decoding table by executing the following
command
switch(config-if)# pcp-decoding 8POD pcp 7 priority 6 dropeligible false
switch(config-if)# end
2. View the PCP decoding table by executing the following command
switch# show provider-bridge pcp decoding
Pcp Decoding Table
------------------------------------Switch - default
Port Gi0/1
----------PCP
:
0
1
2
3
4
5
6
7
---------------------------------------------8POD
4 6
: 0
5 6
1
6 7
2
7
3
4
5
1
2
2
3
3
4
5
4
6
6
7P1D
7 7
: 0
0
1
1
2
2
3
3
5 4
6P2D
7 7
: 0
0
1
1
3
2
3
2
5
4
5
4
6
6
5P3D
7 7x 7
: 1
0
1
0
3
2
3
2
5
4
5
4
6
6
0
2DE
2
4DE
4
6
7
1
2
3
4
5
6
7
5P3D
: 0DE
Port Gi0/2
----------PCP
:
0
---------------------------------------------8POD
: 0
1
2
3
4
5
6
7
7P1D
: 0
1
2
3
4DE
4
6
7
6P2D
: 0
1
2DE
2
4DE
4
6
7
5P3D
: 0DE
0
2DE
2
4DE
4
6
7
Configuring PCP Selection Row
PCP Selection Row is configured as per the port. The row in PCP Encoding
and PCP Decoding table corresponding to the configured value is for the
PCP encoding and PCP decoding on this port.
The conventions followed in naming the PCP Selection Row are:

Number of priorities with no drop precedence.

Number of priorities with drop precedence.
For an example:
1. In 6P2D, 6 priorities contain no drop precedence and the rest 2 priorities
contain drop precedence option.
 Enter the global configuration mode
switch# configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the PCP selection row for the port P1
switch(config-if)#switchport provider-bridge pcp-selection-row
6P2D
switch(config-if)#end
2. View the provider bridge port configuration by executing the following
command
switch#show provider-bridge port config port TwentyGigE 0/1/1
Switch - default
Provider Bridge Port configuration table
----------------------------------------Port Gi0/1
Port Type
Network Port
: Provider
Service Vlan Classification
: PVID
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x88a8
EtherType Swap Status
: Disable
Service Vlan Translation Status
: Enable
Require Drop Encoding
: False
Use_Dei
: False
PCP Selection Row
: 6P2D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 150
Configuring Service Priority Regeneration Table
Service Priority Regeneration table is applied only on internal CNP of the SVLAN component. For every service offered on a CEP, a logical Provider
Edge port is created in the C-VLAN component side and a logical internal
CNP is created in the S-VLAN component. Packets coming out of the PEP
enter the S-VLAN component through internal CNP. Packets coming to the
internal CNP are from the customer side. Hence the priority for those packets
is regenerated in internal CNP. Whenever a packet is received on a CEP, it
has to be transmitted to the provider network. As they are of two different
64
networks, the priority has to be regenerated and hence the Priority
Regeneration table is applied.
CEP port number and S-VLAN ID index the Priority Regeneration table.
Therefore for PEP (created by the CVID Registration table) there exists a
Service Priority Regeneration table in S-VLAN component on internal CNPs.
By default, Received Priority and Regenerated Priority are the same.
1. Execute the following commands
 Enter the global configuration mode
switch# configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the Service priority regeneration table by executing the
following command
switch(config-if)# service-vlan 2 recv-priority 5 regen-priority 2
switch(config-if)#end
2. View the service priority regeneration table by executing the following
command
switch# show provider-bridge priority regen
Service Priority Regeneration table
----------------------------------Switch - default
Port : Gi0/2
Service VLAN-ID : 2
Receive Priority
Regenerated Priority
-----------------
---------------------
0
0
1
1
2
2
3
3
4
4
5
2
6
6
7
7
Configuring Use DEI
The Use DEI allows the S-Tag to convey eight distinct priorities each with a
drop eligible indication for each port.
When Use DEI is set to true on a port:
 Packets sent with drop_eligible true has USE_DEI bit in the
VLANVLAN tag set.
 Packets received on this port with USER_DEI filed in the VLANVLAN
tag set are considered as packets with drop_eligible true.
 Default value of Use DEI is false.
1. To configure Use DEI, execute the following commands
 Enter the global configuration mode
switch# configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1TwentyGigE 0/1/1
 Configure the use-dei variable for the port 1 as `true` by executing
the following command
switch(config-if)# switchport provider-bridge use-dei true
switch(config-if)#end
2. View the provider bridge port configuration by executing the following
command
switch# show provider-bridge port config port TwentyGigE 0/1/1
Switch - default
Provider Bridge Port configuration table
----------------------------------------Port Gi0/1
Port Type
Network Port
: Provider
Service VLAN Classification
: PVID
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x88a8
EtherType Swap Status
: Disable
Service VLAN Translation Status
: Enable
Require Drop Encoding
: False
Use_Dei
: True
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 150
Configuring VLAN Translation Table
VLAN Translation table is used for interconnecting two different provider
networks. VLAN Translation table provides a one-to-one bidirectional
mapping between the Local S-VLAN and the Relay S-VLAN.
 Local S-VLAN - Used in Data and Protocol frames for transmission
and reception of frames.
 Relay S-VLAN - Used by Filtering and Forwarding Processes of the
SVLAN component.
VLAN Translation table is applicable only for Provider Network Port and
Customer Network Ports (S-Tagged).
66
1. Execute the following commands
 Enter the global configuration mode
switch# configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1 TwentyGigE 0/1/1
 Configure the VLAN Translation table by executing the following
command
switch(config-if)# switchport service vlan mapping 20 2
switch(config-if)#end
2. View the VID Translation table by executing the following command
switch# show service vlan mapping
Switch - default
Service Vlan Mapping
------------------------Port Gi0/1
----------Local service vlan
Relay service vlan
20
2
3. VLAN Translation table is enabled or disabled on a per port basis. By
default, it is enabled on PNP and CNP (S-Tagged).
 Enter the global configuration mode
switch# configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Disabling the VID Translation table on port 1
switch(config-if)# set switchport service vlan swap disable
switch(config-if)#end
4. View the VID Translation status for the port by executing the following
command
switch# show provider-bridge port config port TwentyGigE 0/1/1
Switch - default
Provider Bridge Port configuration table
----------------------------------------Port Gi0/1
Port Type
Network Port
: Provider
Service Vlan Classification
: PVID
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x88a8
EtherType Swap Status
: Disable
Service Vlan Translation Status
: Disable
Require Drop Encoding
: False
Use_Dei
: False
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 150
Tunneling in Provider Network
Customer networks are connected transparently through the provider
network. The data traffic sent by the customer is passed transparently
through the provider network. Similarly, the customer control packets are
treated as data packet, and are switched as data packets in the provider
network, if tunneling is enabled for those control packets in the edge of the
provider network. The following sections explain, how the other layer 2
protocols are tunneled across the provider network.
Protocol tunneling is configured only on customer point of attachments (that
is on Customer Edge Ports, Customer Network Port (Port-Based),
Proprietary Customer Edge Port and Proprietary Customer Network Ports).
 Customer Network Port (S-Tagged) tunneling option is not supported, even though it
is a customer point of attachment and Protocol tunneling is also not supported on all
other port types except mentioned above.
Control packets received on a port is tunneled or peered or discarded based
on the options (Tunnel or Peer or Discard) configured through the protocol
tunnel command. Tunneled protocol packets are treated as data packets and
are forwarded in the S-VLAN to which they belong.
Tunneling Spanning Tree Protocol
Provider Spanning Tree address is different from the Customer Spanning
Tree protocol address. Hence in the provider network, the Customer
Spanning Tree BPDUs are treated as data packets and are forwarded
without changing the destination address.
In C-VLAN component, Rapid Spanning Tree runs and interacts with the
Customer Spanning Tree BPDUs received on C-VLAN component ports. By
default, the STP tunnel status on CEP is peer. To tunnel the STP packet on
CEP, the C-VLAN Spanning Tree must be disabled on that CEP, and there
must be only one PEP in that C-VLAN component.
Only on CEP, the STP tunnel status is set to peer and on all other ports, it is
not set, where the protocol tunneling does not supports peer option.
STP tunnel status is set to tunnel or it is set to discard on all port types,
where the protocol tunneling option is set.
68
Tunneling GVRP Protocol
IEEE 802.1ad has defined a new address for running GVRP in provider
networks. So, the Customer GVRP packets are transmitted transparently in
provider networks.
GVRP tunnel status is set to tunnel or it is set to discard on any of the ports,
where the protocol tunneling is supported.
GVRP tunnel status is not set to peer on any of the ports.
Tunneling GMRP Protocol
In Provider Edge and Provider Core Bridges, GMRP (in ICM) is always
disabled. So, the Customer GMRP packets are tunneled transparently across
the provider networks.
Tunneling IGMP Protocol
In Provider Edge and Provider Core Bridges, IGMP protocol (in ICM) is
always disabled. So, the Customer IGMP packets are tunneled transparently
across the provider networks.
Tunneling DOT1X Protocol
In Provider Edge and Provider Core Bridges, Dot1x protocol (in ICM) is
always enabled by default. Dot1x must be enabled in any of the Provider
Edge and Provider Core Bridges of the entire provider network to enable the
tunneling of Dot1x protocol.
Tunneling LACP Protocol
In Provider Edge and Provider Core Bridges, LACP (in ICM) is always
enabled by default. LACP must be enabled on that port to enable the
tunneling of LACP Protocol on a port.
In LACP tunneling, a single service instance is required to tunnel the LACP
packets between the two customer points of attachment across the provider
network. So, to aggregate two ports on one point of attachment to two ports
of another point of attachment, two service instances are required.
1. Execute the following commands,
 Enter the global configuration mode
switch# configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the STP protocol tunnel status for Port 1 as `peer`
switch(config-if)#l2protocol-peer stp
 Configure the GVRP protocol tunnel status for Port 1 as `tunnel`
switch(config-if)#l2protocol-tunnel gvrp
 Configure the GMRP protocol tunnel status for Port 1 as `discard`
switch(config-if)#l2protocol-discard gmrp
switch(config-if)#end
2. View the protocol tunnel status by executing the following command
switch# show provider-bridge port config port TwentyGigE 0/1/1
Switch - default
Provider Bridge Port configuration table
----------------------------------------Port Gi0/1
Port Type
: Customer Edge Port
Dot1x Protocol Tunnel Status
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Peer
GVRP Protocol Tunnel Status
: Tunnel
GMRP Protocol Tunnel Status
: Discard
IGMP Protocol Tunnel Status
: Discard
Service Vlan Classification
: Customer Vlan
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x8100
EtherType Swap Status
: Disable
Service Vlan Translation Status
: Disable
Require Drop Encoding
: False
Use_Dei
: False
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 150
Customer Vlan
: 1
Customer Vlan Status
: Enabled
Configuring Tunnel MAC Address
For Spanning Tree and GVRP packets, the destination Mac addresses are
different in provider network and customer network. So, for tunneling these
control PDUs, there is no need to change the destination Mac address. But to
interop with the Q-in-Q bridges, the destination Mac address for these control
packets are changed on those ports that are connected to Q-in-Q bridges.
For other protocol tunneling, the destination Mac address is to be changed to
make the protocol frames appear as data packet in the rest of the provider
network.
The default tunnel Mac address defined for each protocol is given below:
70
switch# show l2protocol tunnel-mac-address
VLAN tunnel MAC address
-------------------------Switch - default
-------------------------Dot1x tunnel MAC address :
01:00:0c:cd:cd:d3
LACP
01:00:0c:cd:cd:d4
STP
tunnel MAC address :
tunnel MAC address :
01:00:0c:cd:cd:d0
GVRP
tunnel MAC address :
01:00:0c:cd:cd:d1
GMRP
tunnel MAC address :
01:00:0c:cd:cd:d2
1. For configuring GMRP tunnel Mac address:
 Enter the global configuration mode
switch# configure terminal
 Enter the switch configuration mode
switch(config)# switch default
 Configure the GMRP protocol tunnel Mac address as
01:22:33:44:55:66
switch(config-switch)# gmrp-tunnel-address 01:22:33:44:55:66
switch(config-switch)#end
2. View the protocol tunnel mac address by executing the following
command
switch# show l2protocol tunnel-mac-address
VLAN tunnel MAC address
-------------------------Switch - default
-------------------------Dot1x tunnel MAC address :
01:00:0c:cd:cd:d3
LACP
01:00:0c:cd:cd:d4
STP
tunnel MAC address :
tunnel MAC address :
01:00:0c:cd:cd:d0
GVRP
tunnel MAC address :
01:00:0c:cd:cd:d1
GMRP
tunnel MAC address :
01:22:33:44:55:66
Protocol Tunneling in Customer Bridges
Provider Network is comprised of both customer bridges and provider
bridges. The customer bridges present in the provider network operate only
on C-VLANs. The data packets in the customer bridges will be switched in
the provider network using only C-VLANs.
But the protocol packets in the customer bridges must be tunneled. For
enabling Protocol tunneling on a port in customer bridge (present in provider
network), the port need not be an access port.
The Administrator can configure a protocol tunnel status as tunnel/discard
only when a particular protocol is disabled on that port. This rule applies to
STP, GVRP and GMRP protocols.



In case of IGMP and DOT1X, for configuring the protocol tunnel status as
tunnel/discard, the administrator must disable the protocol in the system.
In case of LACP, the protocol tunnel status cannot be configured on portchannel interfaces.
The Tunnel MAC address for all the protocols can also be configured in
the customer bridges (as discussed in section 5.7.7).
Configuring Port MAC Learning Status and Limit
The Administrator configures the Mac Learning Status of each port as
enabled or disabled. By default, each port in the bridge is allocated a limit on
the number of Mac address that is learnt on that port. The Mac Learning Limit
on each port is also configurable. The Port Mac Learning Limit is applicable
only for the dynamic learnt entries.
1. Execute the following commands,
 Enter the global configuration mode
switch# configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the unicast mac learning status as `disable`
switch(config-if)# switchport unicast-mac learning disable
 Configure the unicast mac learning limit as `40`
switch(config-if)# switchport unicast-mac learning limit 40
switch(config-if)#end
2. View the unicast mac learning status and limit by executing the following
command
switch# show provider-bridge port config port TwentyGigE 0/1/1
Switch - default
Provider Bridge Port configuration table
----------------------------------------Port Gi0/1
Port Type
: Provider Network Port
Service Vlan Classification
: PVID
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x88a8
EtherType Swap Status
: Disable
Service Vlan Translation Status: Disable
Require Drop Encoding
: False
Use_Dei
: False
72
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Disable
Unicast Mac Learning Limit
: 40
Configuring Static Multicast Mac Limit
Static Multicast Mac Limit is configured at run time. By default, Multicast Mac
Limit is the total size of the Multicast Mac table.
1. Execute the following commands,
 Enter the global configuration mode
switch# configure terminal
 Enter the switch configuration mode
switch(config)#switch default
 Configure the multicast mac limit as 4
switch(config-switch)# multicast-mac limit 4
switch(config-switch)# end
2. View the multicast mac limit by executing the following command
switch# show multicast-mac limit
Switch - default
Mulitcast Mac Limit
: 4
Configuring Ether Type Swap Table
In Provider Bridges, the port recognizes and processes only the S-Tagged
packet with ether type 0x88a8. But in provider network, there is a possibility
to interop with different networks that operates with different ethertype. Ether
type Swap table is configured, such that, the different ether types are
interpreted as the S-Tag ether type.
Local Ethertype - Ether type that is present in frame. Relay ether type is used
for processing the ethertype of the frame.
1. Execute the following commands,
 Enter the global configuration mode
switch# configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1TwentyGigE
0/1/1Configure the ether type swap table by executing the following
command
switch(config-if)# switchport Dot1q ethertype mapping 0x88a1
0x88a8
switch(config-if)# end
2. View the ether type swap table
switch# show ethertype mapping
Switch - default
EtherType Mapping
----------------------Port Gi0/1
----------Local EtherType
Relay EtherType
0x88a1
0x88a8
Configuring Customer Port VLAN ID
This configuration is valid only for CEP, PCEP and PCNP ports. When CEP
receives an untagged packet, the packet is classified into C-VLAN based on
the CPVID configured for the Customer Edge Port. The above behavior is
enabled or disabled in the command “switchport Dot1q customer vlan
disable/enable“.
1. Execute the following commands
 Enter the global configuration mode
switch# configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the bridge port type as Customer Edge Port
switch(config-if)# bridge port-type CustomerEdgePort
 Configure the Customer VLAN PVID as 10 for Port 1
switch(config-if)# switchport dot1q customer vlan 10
 Configure the Customer VLAN classification status as `disable`
switch(config-if)# switchport Dot1q customer vlan disable
switch(config-if)#end
2. View the provider bridge port configurations by executing the following
command
switch# show provider-bridge port config port TwentyGigE 0/1/1
Switch - default
Provider Bridge Port configuration table
----------------------------------------Port Gi0/1
Port Type
: Customer Edge Port
Dot1x Protocol Tunnel Status
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Peer
GVRP Protocol Tunnel Status
: Discard
GMRP Protocol Tunnel Status
: Discard
IGMP Protocol Tunnel Status
: Discard
74
Service Vlan Classification
: Customer Vlan
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x8100
EtherType Swap Status
: Disable
Service Vlan Translation Status
: Disable
Require Drop Encoding
: False
Use_Dei
: False
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 150
Customer Vlan
: 10
Customer Vlan Status
: Disabled
Configuring S-VLAN
A S-VLAN is configured to provide two different service types namely E-LINE
and E-LAN.
E-LINE is defined as “point-to-point” service offered to a customer. E-LAN is
defined as “multipoint-multipoint” service offered to a customer.
By default, the S-VLAN has a service type as “E-LAN”. If a service type is
configured as ”E-LINE”, then the VLAN is not allowed to have more than two
member ports.
1. Execute the following commands
 Enter the global configuration mode
switch# configure terminal
 Enter the switch configuration mode
switch(config)# switch default
 Enter the VLAN 2 configuration mode
switch(config-switch)# vlan 2
 Configure the service type for the VLAN 2 as `E-LINE`
switch(config-switch-vlan)# service-type e-line
switch(config-switch-vlan)# end
2. View the service type of the S-VLAN by executing the following command
switch# show vlan
Switch default
Vlan database
------------Vlan ID
: 1
Member Ports
: None
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
ServiceType
: E-LAN
MacLearning Status
: Enabled
---------------------------------------------------Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
ServiceType
: E-LINE
MacLearning Status
: Disabled
----------------------------------------------------
Configuring Ingress and Egress Ether Type
A port is configured with Ingress and Egress ether type.
Ingress ether type – If the ether type of the received packet matches with that
of the Ingress ether type of the reception port, then that packet is considered
as the tagged packet.
Egress ether type – All the tagged outgoing packets on a port are sent out
with the configured Egress ether type of the outgoing port.
By default, Ingress and Egress ether type for PNP is “0x88a8”. In case of
CEP, the Ingress ether type is “0x8100”. And for PPNP, the Ingress and
Egress ether type is “0x8100”.
1. Execute the following commands
 Enter the global configuration mode
switch#configure terminal
 Enter the interface configuration mode
switch(config)#interface TwentyGigE 0/1/1
 Configure the ingress Ether type for the Port 1 as 0x8899
switch(config-if)# switchport Dot1q ingress ether-type 0x8899
switch(config-if)# end
2. View the ingress and Egress Ether type by executing the following
command
switch# show vlan port config port TwentyGigE 0/1/1
Switch - default
Provider Bridge Port configuration table
76
----------------------------------------Port Gi0/2
Bridge Port Type
Port
: Provider Network
Port Vlan ID
: 1
Port Acceptable Frame Type
: Admit All
Port Mac Learning Status
: Enabled
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Disabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
: 00:00:00:00:00:00
Port Restricted Vlan Registration : Disabled
Port Restricted Group Registration: Disabled
Mac Based Support
: Disabled
Subnet Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
Filtering Utility Criteria
: Default
Port Protected Status
: Disabled
Ingress EtherType
: 0x8899
Egress EtherType
: 0x88a8
Egress TPID Type
: Portbased
Allowable TPID 1
: 0x0
Allowable TPID 2
: 0x9100
Allowable TPID 3
: 0x0
Configuring Additional Ingress Ether Types
By Default only one ether type can be configured for a port. In a deployment
if the port needs to process different VLAN ether-type packets, then this can
be achieved by allowing multiple (maximum 4 different Ether-types) TPID's
on part. Based on this configuration, packets arriving with the configured
TPIDs will be considered as tagged packets.
1. Execute the following commands
 Enter the global configuration mode
switch#configure terminal
 Enter the interface configuration mode
switch(config)#interface TwentyGigE 0/1/1
 Configure the ingress Ether type for the Port 1 as 0x9100
switch(config-if)# switchport encapsulation dot1ad vlan-type
tpid2
switch(config-if)# end
2. Execute the following commands to configure Ether type for port 1 as any
user defined tpid.
 Enter the global configuration mode
switch# configure terminal
switch(config)# user-defined TPID 34567
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the ingress Ether type for the Port 1 as user defined tpid
switch(config-if)# switchport encapsulation dot1ad vlan-type
tpid3
switch(config-if)# end
3. View the additional Ingress Ether types configured by executing the
following command
switch# show vlan port config port gigabitethernat 0/1
Switch default
Vlan Port configuration table
Port Gi0/1
Bridge Port Type
Network Port
: Provider
Port Vlan ID
: 1
Port Acceptable Frame Type
: Admit All
Port Mac Learning Status
: Enabled
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Disabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
00:00:00:00:00:00
:
Port Restricted Vlan Registration
: Disabled
Port Restricted Group Registration
: Disabled
Mac Based Support
: Disabled
Subnet Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
78
Filtering Utility Criteria
: Default
Port Protected Status
: Disabled
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x88a8
Egress TPID Type
: Portbased
Allowable TPID 1
: 0x0
Allowable TPID 2
: 0x9100
Allowable TPID 3
: 0x8707
Configuring Vlan Based Egress Ether Type
Egress Ether Type can be selected based on per port or per VLAN basis. By
default ether type selection based on port is enabled, if needed, it can be reconfigured by executing the following commands
1. Execute the following commands to select Vlan based ether type
selection
 Enter the global configuration mode
switch# configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure ether type selection based on vlan
switch(config-if)# switchport egress TPID-type vlanbased
switch(config-if)# end
2. Execute the following commands to configure ether type of a vlan
 Enter the global configuration mode
switch# configure terminal
 Enter the vlan configuration mode
switch(config)# vlan 1
 Configure the egress Ether type for vlan 1 as 8100
switch(config-vlan)# vlan egress ether-type CTAG
switch(config-if)# end
3. View the vlan based egress Ether type selection by executing the
following command
switch# show vlan port config port TwentyGigE 0/1/1
Switch default
Vlan Port configuration table
------------------------------Port Gi0/1
Bridge Port Type
Network Port
: Provider
Port Vlan ID
: 1
Port Acceptable Frame Type
: Admit All
Port Mac Learning Status
: Enabled
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Disabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
00:00:00:00:00:00
:
Port Restricted Vlan Registration
: Disabled
Port Restricted Group Registration
: Disabled
Mac Based Support
: Disabled
Subnet Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
Filtering Utility Criteria
: Default
Port Protected Status
: Disabled
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x88a8
Egress TPID Type
: Vlanbased
Allowable TPID 1
: 0x0
Allowable TPID 2
: 0x9100
Allowable TPID 3
: 0x0
switch# show vlan
Switch default
Vlan database
------------Vlan ID
: 1
Member Ports
: None
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
Egress Ethertype
: 0x8100
80
Configuring Proprietary Port Types
Apart from the standard defined port types, there are proprietary port types
supported by ICM. The proprietary port types are Proprietary Customer Edge
Port (PCEP), Proprietary Customer Network Port (PCNP) and Proprietary
Provider Network Port (PPNP).
A standard port types has only restricted S- VLAN classification mechanisms,
whereas PCEP and PCNP supports various types of S- VLAN classification
mechanisms namely, Source Mac, Destination Mac, C- VLAN + Source Mac,
C- VLAN + Destination Mac, Dscp, C- VLAN + Dscp, Source Ip, Destination
Ip, Source Ip + Destination Ip, C- VLAN + Destination IP and PVID.
1. Execute the following commands
 Enter the global configuration mode
switch#configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1TwentyGigE 0/1/1
 Configure the bridge port type for port 1 as Proprietary Customer
Edge Port
switch(config-if)# bridge port-type propCustomerEdgeport
 Configure the Service VLAN classification method as `CvlanSrcMac`
switch(config-if)# switchport service vlan classify VLAN
cVLANSrcMac
 Configure the CVLAN Source Mac address classification table by
executing the following command
switch(config-if)# switchport service vlan 2 customer vlan 5
SrcMac 00:11:22:33:22:11
switch(config-if)#end
2. View the provider edge port configuration by executing the following
command
switch# show provider-bridge port config port TwentyGigE 0/1/1
Switch - default
Provider Bridge Port configuration table
----------------------------------------Port Gi0/1
Port Type
Edge Port
: Prop Customer
Dot1x Protocol Tunnel Status
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Tunnel
GVRP Protocol Tunnel Status
: Tunnel
GMRP Protocol Tunnel Status
: Tunnel
IGMP Protocol Tunnel Status
: Tunnel
Service Vlan Classification
Customer Vlan
: Source Mac and
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x88a8
EtherType Swap Status
: Disable
Service Vlan Translation Status
: Disable
Require Drop Encoding
: False
Use_Dei
: False
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 150
Customer Vlan Status
: Disabled
switch# show service vlan
Switch - default
Service Vlan Classification
------------------------------Service Vlan
Port
Src MAC Address
Customer Vlan
----------------------------------------------------2
Gi0/1
Service Vlan
00:11:22:33:22:11
Port
5
pvid
----------------------------------------------------1
Gi0/1
1
Configuring S-Vlan Priority type and S-Vlan Priority
This section explains the configurations to change the S-Vlan priority value of
the packets which are S-tagged. This configuration is valid only for Customer
Edge Ports and Customer Network Ports (port-based and S-tagged).
1. For configuring S-Vlan Priority type and Priority value on a CEP port, the
CVID registration table has to be created. The configuration steps are as
follows.
 Enter the global configuration mode
switch# configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the S-Vlan priority type as Fixed and Priority as 7 for a
CEP port with CVID Registration entry configured with CVLAN 10
switch(config-if)# switchport customer-vlan 10 svlan-priotype
fixed 7
switch(config-if)#end
82
2. View the configuration by executing the following command
switch# show service vlan cvlan
Switch default
Service Vlan Classification
-----------------------------ServiceVlan Port CustomerVlan Untag-pep Untag-cep
Relay CVlanId SVLANPriType SVLAN Pri
-------------------------------------------------------------------------------------------------------------------------------------10
False
FIXED
Gi0/1
False
7
20
20
3. For configuring S-Vlan Priority type and Priority value on a CNP ports, the
configuration steps are as follows.
 Enter the global configuration mode
switch# configure terminal
 Enter the interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the S-Vlan priority type as Fixed and Priority as 7 for a
CNP Port-based port.
switch(config-if)# switchport svlan-priotype fixed 7
switch(config-if)# end
4. View the configuration by executing the following command
switch# show provider-bridge port config port TwentyGigE 0/1/1
Switch default
Provider Bridge Port configuration table
----------------------------------------Port Gi0/2
Port Type
Network Port(Port-Based)
: Customer
Dot1x Protocol Tunnel Status
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Tunnel
MVRP Protocol Tunnel Status
: Tunnel
MMRP Protocol Tunnel Status
: Tunnel
GVRP Protocol Tunnel Status
: Tunnel
GMRP Protocol Tunnel Status
: Tunnel
IGMP Protocol Tunnel Status
: Tunnel
Service Vlan Classification
: PVID
EtherType Swap Status
: Disable
Service Vlan Translation Status
: Disable
Require Drop Encoding
: False
Use_Dei
: False
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 950
SVLAN Priority Type
: FIXED
SVLAN Priority
: 7
Configuration of ICMwith Multiple Instance
MI Switch A
Switch 2
Switch 1
P1
Host A
P3
P2
Host B
Host C
Figure 3: Setup for Configuring ICMwith MI
Enable all the interfaces for Multiple Instance configuration, and then map the
interfaces to the corresponding switch (virtual instance).
Refer Figure 3 for topology. The commands for the configuration of VLAN are
same for both single and multiple instances except for a difference in the
prompt that appears for the Switch with Multiple Instance support.
The prompt for the Global Configuration Mode is,
switch(config-switch)#
The prompt for the VLAN Configuration Mode is,
switch(config-switch-vlan)#
1. Execute the following commands in both the switches.
 Enter the Global Configuration Mode and execute the commands.
switch# configure terminal
84
switch(config)# switch 1
switch(config-switch)# bridge-mode customer
switch(config-switch)# exit
switch(config)# switch 2
switch(config-switch)# bridge-mode customer
switch(config-switch)# exit
 Enable an Interface and Map it to a switch.
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# no shutdown
switch(config-if)# map switch 1
switch(config-if)# exit
switch(config)# interface TwentyGigE 0/1/2
switch(config-if)# no shutdown
switch(config-if)# map switch 1
switch(config-if)# exit
switch(config)# interface TwentyGigE 0/1/3
switch(config-if)# no shutdown
switch(config-if)# map switch 2
switch(config-if)# exit
 Creating VLAN 1 in both the switches.
switch(config)# switch 1
switch(config-switch)# vlan 1
switch(config-switch-vlan)# ports TwentyGigE 0/1/1-2 untagged
TwentyGigE 0/1/1-2
switch(config-switch-vlan)# exit
switch(config-switch)# exit
switch(config)# switch 2
switch(config-switch)# vlan 1
switch(config-switch-vlan)# ports TwentyGigE 0/1/1 untagged
TwentyGigE 0/1/3
switch(config-switch-vlan)# end
2. View VLAN in both switches
switch# show vlan switch 1
Switch 1
Vlan database
------------Vlan ID
: 1
Member Ports
: Gi0/1 , Gi0/2
Untagged Ports
: Gi0/1 , Gi0/2
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------switch# show vlan switch 2
Switch 2
Vlan database
------------Vlan ID
: 1
Member Ports
: Gi0/3
Untagged Ports
: Gi0/3
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------Refer Figure 3 for setup.
The following are the IP addresses of Hosts A, B and C.
Host A: 12.0.0.10
Host B: 12.0.0.20
Host C: 12.0.0.30
As Hosts A and B are in the same switch (switch 1), ping succeeds.
Ping from Host A to Host B.
/# ping 12.0.0.20
Reply Received From :12.0.0.20, TimeTaken : 50 msecs
Reply Received From :12.0.0.20, TimeTaken : 80 msecs
Reply Received From :12.0.0.20, TimeTaken : 70 msecs
--- 12.0.0.20 Ping Statistics --3 Packets Transmitted, 3 Packets Received, 0% Packets
Loss
As Host C exists on a different switch, ping fails.
Ping from Host A to Host C.
/# ping 12.0.0.30
Reply Not Received From : 12.0.0.30, Timeout : 5 secs
Reply Not Received From : 12.0.0.30, Timeout : 5 secs
Reply Not Received From : 12.0.0.30, Timeout : 5 secs
--- 12.0.0.30 Ping Statistics ---
86
3 Packets Transmitted, 0 Packets Received, 100% Packets
Loss
Displaying Various Configurations
Show commands display the configuration details of a particular switch or for
all the switches.
For example execute the following command to view the VLAN device
information for Switch 1.
switch# show VLAN device info switch 1
Switch 1
VLAN device configurations
-------------------------VLAN Status
: Enabled
VLAN Oper status
: Enabled
Gvrp status
: Disabled
Gmrp status
: Disabled
Gvrp Oper status
: Disabled
Gmrp Oper status
: Disabled
Mac-VLAN Status
: Disabled
Protocol-VLAN Status
: Enabled
Bridge Mode
: Customer Bridge
Traffic Classes
: Enabled
VLAN Operational Learning Mode
: Hybrid
Version number
: 1
Max VLAN id
: 4094
Max supported VLANs
: 1024
Flow Based Configuration
Host C
eth0
P3
eth0
Host A
eth0
P2
P1
Switch1
Host B
Figure 4: Topology 1
Table 6: Configuration for Topology 1
Node
Port
MAC Address
IP Address
Host A
eth0
00:11:22:33:44:0a
12.0.0.10
Host B
eth0
00:11:22:33:44:0b
12.0.0.20
Host C
eth0
00:11:22:33:44:0c
12.0.0.30
Switch1
P1
00:01:02:03:04:01
12.0.0.1
P2
00:01:02:03:04:02
P3
00:01:02:03:04:03
Switch1
P1
P2
Switch 2
Figure 5: Topology 2
Table 7: Configuration for Topology 2
Node
Port
MAC Address
IP Address
Switch1
eth0
00:01:02:03:04:01
12.0.0.1
eth1
00:01:02:03:04:02
eth0
00:02:02:03:04:01
eth1
00:02:02:03:04:02
Switch2
12.0.0.2
Configuring Static Unicast Entry
To work with Static Unicast Entry, configure the following
88
Configuration Guidelines
1. Configuration of static unicast entry.
2. Configuration of VLAN.
Default Configurations
Refer section 0 for default configurations.
1. Refer Figure 4 and Table 6 for topology setup.
2. Execute the following commands in Switch1:
At Switch1:
 Enter into the Global configuration mode
switch# configure terminal
 Configure VLAN 2 in the switch

switch(config)# vlan 2
Configure the static VLAN entry with the required ports

switch(config-vlan)# ports TwentyGigE 0/1/1-3
Exit from VLAN configuration mode
switch(config-vlan)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/2
 Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/3
 Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
switch(config-if)# exit
 Configure the static unicast entry
switch(config)# mac-address-table static unicast
00:11:22:33:44:0b vlan 2 recv-port TwentyGigE 0/1/1 interface
TwentyGigE 0/1/2
 Exit from the Global Configuration Mode
switch(config)# exit
3. View the VLAN related configurations by executing the following
commands:
switch# show vlan id 2
Vlan database
------------------Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2, Gi0/3
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------switch# show mac-address-table static unicast
Vlan
Mac Address
-----2
--------
RecvPort Status
------------- ---------
00:11:22:33:44:0b
Gi0/1
Permanent
Ports
-----Gi0/2
Total Mac Addresses displayed: 1
After spanning topology settlement, send the tagged (VLAN 2) unicast data
packet to Host B from Host A.
Configuring Static Multicast Entry
To work with Static Multicast Entry, Configure the following
Configuration Guidelines
1. Configuration of static unicast entry.
2. Configuration of forward-unregistered entry.
3. Configuration of VLAN.
Default Configurations
1. Configure the Forward-Unregistered static ports as none.
2. Configure the Forward-All static ports as none.
Configuration Steps
1. Refer Figure 4 and Table 6 for topology setup.
2. Execute the following commands in Switch1:
At Switch1:
90
 Enter into the Global configuration mode
switch# configure terminal
 Configure VLAN 2 in the switch



switch(config)# vlan 2
Configure the static VLAN entry with the required ports
switch(config-vlan)# ports TwentyGigE 0/1/1-3
Configure Forward-Unregistered static ports as none for this
VLAN
switch(config-vlan)# forward-unregistered static-ports
none
Exit from VLAN configuration mode
switch(config-vlan)# exit
 Enter into Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
switch(config-if)# exit
 Enter into Interface configuration mode
switch(config)# interface TwentyGigE 0/1/2
 Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
switch(config-if)# exit
 Enter into Interface configuration mode
switch(config)# interface TwentyGigE 0/1/3
 Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
switch(config-if)# exit
 Configure the static multicast entry
switch(config)# mac-address-table static multicast
01:02:02:02:02:02 vlan 2 recv-port TwentyGigE 0/1/1 interface
TwentyGigE 0/1/3
 Exit from the Global configuration mode
switch(config)# exit
3. View the forward-unregistered information by executing the following
commands:
switch# show forward-unregistered
Vlan Forward Unregistered Table
---------------------------------------------
Vlan ID : 2
Unreg ports
:
Unreg Static Ports
:
Unreg Forbidden Ports :
-----------------------------------------------------4. View the static multicast information by executing the following command:
switch# show mac-address-table static multicast
Static Multicast Table
---------------------Vlan
: 2
Mac Address
: 01:02:02:02:02:02
Receive Port
: Gi0/1
Member Ports
: Gi0/3
Status
: Permanent
-----------------------------------------------Total Mac Addresses displayed: 1
5. View the created VLAN.
switch# show vlan id 2
Vlan database
------------------Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2, Gi0/3
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------After spanning topology settlement, send the tagged (VLAN 2) multicast data
packet to Host C from Host A.
To work with GVRP, the following are to be done.
Dynamic VLAN Learning
For Dynamic VLAN Learning, the following are to be done.
Configuration Guidelines
1. Enable the interface P2 in Switch1 and Switch2.
92
2. Configure VLAN.
Default Configurations
Refer section 0 for default configurations.
Configuration Steps
1. Refer Figure 5 and Table 7 for topology setup.
2. Execute the following commands in the switches:
At Switch1:
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/2
 Make the interface up
switch(config-if)# no shutdown
 Return to Global configuration mode
switch(config-if)# exit
 Configure VLAN 2 in the switch
switch(config)# vlan 2
 Configure the static VLAN entry with the required ports
switch(config-vlan)# ports TwentyGigE 0/1/1-2
 Return to Privileged EXEC mode
switch(config-vlan)# end
At Switch2:
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/2
 Make the interface up
switch(config-if)# no shutdown
 Return to Global configuration mode
switch(config-if)# exit
3. View the VLANs in the switches.
At Switch1:
switch# show vlan id 2
Vlan database
------------------Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------At Switch2:
switch# show vlan id 2
Vlan database
------------------Vlan ID
: 2
Member Ports
: Gi0/2
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Dynamic Gvrp
----------------------------------------------------
Configuring Restricted VLAN Registration
To work with Restricted Registration, the following are to be done.
Configuration Guidelines
1. Enable the interface P2 in Switch1 and Switch2.
2. Configure VLAN.
3. Configure Restricted VLAN Registration.
Default Configurations
Refer section 0 for default configurations.
Configuration Steps
1. Refer Figure 5 and Table 7 for topology setup.
2. Execute the following commands in the switches:
At Switch1:
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/2
 Make the interface up
switch(config-if)# no shutdown
 Return to Global configuration mode
94
switch(config-if)# exit
 Configure VLAN 2 in the switch
switch(config)# vlan 2
 Configure the static VLAN entry with the required ports
switch(config-vlan)# ports TwentyGigE 0/1/1-2
 Return to Privileged EXEC mode
switch(config-vlan)# end
At Switch2:
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/2
 Make the interface up
switch(config-if)# no shutdown
 Return to Privileged EXEC mode
switch(config-vlan)# end
3. Enable Restricted VLAN registration in Switch 2.
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/2
 Enable Restricted VLAN registration on a port
switch(config-if)# vlan restricted enable
 Return to Privileged EXEC mode
switch(config-if)# end
4. View the status by executing the following command:
switch# show vlan port config port TwentyGigE 0/1/2
Vlan Port configuration table
-------------------------------------Port Gi0/2
Port Vlan ID
: 1
Port Acceptable Frame Type
: Admit All
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
: 00:01:02:03:04:02
Port Restricted Vlan Registration : Enabled
Port Restricted Group Registration: Disabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
--------------------------------------------------5. View the VLAN by using the command:
At Switch1:
switch# show vlan id 2
Vlan database
------------------Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------At Switch2:
switch# show vlan id 2
Vlan database
 It is seen that VLAN 2 is not learnt in Switch2.
To work with GMRP, the following are to be done.
Dynamic Multicast Group Learning
For Dynamic Multicast Group Learning, the following are to be done.
Configuration Guidelines
1. Enable the interface P2 in Switch1 and Switch2.
2. Configure static multicast entry.
Default Configurations
Refer section 0 for default configurations.
Configuration Steps
1. Refer Figure 5 and Table 7 for topology setup.
2. Execute the following commands in the switches:
96
At Switch1:
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up
switch(config-if)# no shutdown
 Return to Global configuration mode
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up.
switch(config-if)# no shutdown
 Return to Global configuration mode
switch(config-if)# exit
 Configure VLAN 2 in the switch
switch(config)# vlan 2
 Configure the static VLAN entry with the required ports
switch(config-vlan)# ports TwentyGigE 0/1/1-2
 Return to Global configuration mode
switch(config-vlan)# exit
 Create the static multicast entry
switch(config)# mac-address-table static multicast
01:02:02:02:02:02 vlan 2 interface TwentyGigE 0/1/1
 Return to Privileged EXEC mode
switch(config)# end
At Switch 2:
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up
switch(config-if)# no shutdown
 Return to Global configuration mode
switch(config-if)# exit
3. View the multicast group entries in the switches.
At Switch1:
switch# show mac-address-table static multicast
Static Multicast Table
----------------------------Vlan
: 2
Mac Address
: 01:02:02:02:02:02
Receive Port
:
Member Ports
: Gi0/1
Status
: Permanent
-----------------------------------------------Total Mac Addresses displayed: 1
At Switch2:
switch# show mac-address table
Vlan
Mac Address
Type
---------
--------
-------
Ports
--------
1
00:01:02:03:04:02
Learnt
Gi0/2
2
00:01:02:03:04:02
Learnt
Gi0/2
2
01:02:02:02:02:02
Learnt
Gi0/2
Total Mac Addresses displayed: 2
Configuring Restricted Group Registration
For configuring Restricted Group Registration, the following are to be carried.
Configuration Guidelines
1. Enable the interface P2 in Switch1 and Switch2.
2. Configure static multicast entry.
3. Configure Restricted Group Registration.
Default Configurations
Refer section 0 for default configurations.
Configuration Steps
1. Refer Figure 5 and Table 7 for topology setup.
2. Execute the following commands in the switches:
At Switch1:
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up
switch(config-if)# no shutdown
98
 Return to Global configuration mode
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up
switch(config-if)# no shutdown
 Return to Global configuration mode
switch(config-if)# exit
 Configure VLAN 2 in the switch
switch(config)# vlan 2
 Configure the static VLAN entry with the required ports
switch(config-vlan)# ports TwentyGigE 0/1/1-2
 Return to Global configuration mode
switch(config-vlan)# exit
 Create the static multicast entry
switch(config)# mac-address-table static multicast
01:02:02:02:02:02 vlan 21 interface TwentyGigE 0/1/1
 Return to Privileged EXEC mode
switch(config)# end
At Switch 2:
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up
switch(config-if)# no shutdown
 Return to Global configuration mode
switch(config-if)# exit
3. Enable Restricted Group registration in Switch 2.
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Enable Restricted Group registration on a port
switch(config-if)# group restricted enable
 Return to Privileged EXEC mode.
switch(config-if)# end
4. View the status by executing the following command:
switch# show vlan port config port TwentyGigE 0/1/2
Switch default
Vlan Port configuration table
------------------------------Port TwentyGigE0/1/2
Bridge Port Type
Port
Port Vlan ID
Port Acceptable Frame Type
Tagged
: Customer Bridge
: 1
: Admit Only Vlan
Port Mac Learning Status
: Enabled
Port Ingress Filtering
: Enabled
Port Mode
: Hybrid
Mac Based Support
: Disabled
Subnet Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
Filtering Utility Criteria
: Default
Port Protected Status
: Disabled
Ingress EtherType
: 0x8100
Egress EtherType
: 0x8100
Egress TPID Type
: Portbased
Allowable TPID 1
: 0x0
Allowable TPID 2
: 0x0
Allowable TPID 3
: 0x0
-----------------------------------------------------Vlan Port configuration table
-------------------------------------Port Gi0/2
Port Vlan ID
: 1
Port Acceptable Frame Type
: Admit All
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
100
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
: 00:01:02:03:04:02
Port Restricted Vlan Registration : Disabled
Port Restricted Group Registration: Enabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
-------------------------------------------------5. View the group entries by using the command:
switch# show mac-address-table
Switch default
Vlan
Ports
Mac Address
Type
ConnectionId
--------
-----------
----
-----------
1
5c:b9:01:47:c4:79
FortyGigE0/0/8
Learnt
1
5c:b9:01:47:c4:7e
FortyGigE0/0/7
Learnt
Total Mac Addresses displayed: 2
Vlan
-------
Mac Address
Type
--------------
Ports
-------
1
00:01:02:03:04:02
Learnt
Gi0/2
2
00:01:02:03:04:02
Learnt
Gi0/2
Total Mac Addresses displayed: 1
 Group entry (01:02:02:02:02:02) is not present in Switch2.
Forward–All
To work with Forward-All, the following are to be done.
Configuration Guidelines
1. Configure VLAN.
2. Configure forward-all entry.
-------
3. Configure forward-unregistered entry.
Default Configurations
Refer section 0 for default configurations.
Configuration Steps
1. Refer Figure 4 and Table 6 for topology setup.
2. Execute the following commands in Switch1:
At Switch1:
 Enter into the Global configuration mode
switch# configure terminal
 Configure VLAN 2 in the switch
switch(config)# vlan 2
 Configure the static VLAN entry with the required ports

switch(config-vlan)# ports TwentyGigE 0/1/1-3
Configure Forward-Unregistered static ports as none for this
VLAN

switch(config-vlan)# forward-unregistered static-ports
none
Configure Forward-All static port as Host B

switch(config-vlan)# forward-all static-ports TwentyGigE
0/1/1
Exit from VLAN configuration mode
switch(config-vlan)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up
switch(config-if)# no shutdown
102

Exit from Interface configuration mode
switch(config-if)# exit
 Configure the static multicast entry
switch(config)# mac-address-table static multicast
01:02:02:02:02:02 vlan 2 recv-port TwentyGigE 0/1/1 interface
TwentyGigE 0/1/1
 Exit from the Global configuration mode
switch(config)# exit
3. View the forward-unregistered information by executing the following
command:
switch# show forward-unregistered
Vlan Forward Unregistered Table
-----------------------------------Vlan ID : 2
Unreg ports
:
Unreg Static Ports
:
Unreg Forbidden Ports :
-------------------------------------4. View the forward-all information by executing the following command:
switch# show forward-all
Vlan ID
: 2
ForwardAll Ports
: Gi0/2
ForwardAll Static Ports : Gi0/2
ForwardAll ForbiddenPorts:
------------------------------------------5. View the static multicast information by executing the following command:
switch# show mac-address-table static multicast
Static Multicast Table
---------------------Vlan
: 2
Mac Address
: 01:02:02:02:02:02
Receive Port
: Gi0/1
Member Ports
: Gi0/3
Status
: Permanent
-----------------------------------------------Total Mac Addresses displayed: 1
After these configurations, the multicast data packets from Host A reaches
Host B and Host C with the destination MAC address as 01:02:02:02:02:02.
Classifying VLAN
VLAN is classified as follows:



PVID Based Classification
Port and MAC Based Classification
Port and Protocol Based Classification
PVID Based Classification
For configuring PVID Based Classification, the following are to be done.
Configuration Guidelines
1. Configure VLAN.
2. Configure PVID for ports.
Default Configurations
Refer section 0 for default configurations.
Configuration Steps
1. Refer Figure 4 and Table 7-1 for topology setup.
2. Execute the following commands in the switches:
At Switch1:
 Enter into the Global configuration mode
switch# configure terminal
 Configure VLAN 1 in the switch
switch(config)# vlan 1
 Configure the static VLAN entry with the required ports

switch(config-vlan)# ports TwentyGigE 0/1/1-3 untagged
TwentyGigE 0/1/1-3
Exit from VLAN configuration mode
switch(config-vlan)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/2
 Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
104
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/3
 Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
switch(config-if)# exit
 Configure VLAN 2 in the switch
switch(config)# vlan 2
 Configure the static VLAN entry with the required ports
switch(config-vlan)# ports TwentyGigE 0/1/1-2
 Return to Privileged EXEC mode
switch(config-vlan)# end
3. Configure the PVID for the Interface P1 as VLAN 2.
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Set the PVID as 2 for the interface
switch(config-if)# switchport pvid 2
 Return to Privileged EXEC mode
switch(config-if)# end
4. View the VLAN related configurations by executing the following
commands:
switch# show vlan
Vlan database
------------Vlan ID
: 2
Member Ports
: TwentyGigE0/1/1
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
Egress Ethertype
: 0x8100
Service Loopback Status
: Disabled
----------------------------------------------------
Vlan ID
: 1
Member Ports
: TwentyGigE0/1/1
Untagged Ports
: TwentyGigE0/1/1
Forbidden Ports
: None
Name
:
Status
: Permanent
Egress Ethertype
: 0x8100
Service Loopback Status
: Disabled
---------------------------------------------------Vlan database
------------------Vlan ID
: 1
Member Ports
: Gi0/1, Gi0/2, Gi0/3
Untagged Ports
: Gi0/1, Gi0/2, Gi0/3
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------switch# show vlan port config port TwentyGigE 0/1/1
Switch default
Vlan Port configuration table
------------------------------Port TwentyGigE0/1/1
Bridge Port Type
Port
: Customer Bridge
Port Vlan ID
: 1
Port Acceptable Frame Type
: Admit All
Port Mac Learning Status
: Disabled
Port Ingress Filtering
: Enabled
106
Port Mode
: Hybrid
Mac Based Support
: Disabled
Subnet Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
Filtering Utility Criteria
: Default
Port Protected Status
: Disabled
Ingress EtherType
: 0x8100
Egress EtherType
: 0x8100
Egress TPID Type
: Portbased
Allowable TPID 1
: 0x0
Allowable TPID 2
: 0x0
Allowable TPID 3
: 0x0
-----------------------------------------------------Vlan Port configuration table
-------------------------------------Port Gi0/1
Port Vlan ID
: 2
Port Acceptable Frame Type
: Admit All
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
: 00:00:00:00:00:00
Port Restricted Vlan Registration : Disabled
Port Restricted Group Registration: Disabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
----------------------------------------------------Unicast packets are reached only to Host B as a tagged VLAN2 packet that
is sent by Host A.
Port and MAC Based Classification
For configuring MAC Based Classification, the following are to be done.
Configuration Guidelines
1. Configure VLAN.
2. Configure Mac map entry for Port and Mac based classification.
Default Configurations
Refer section 0 for default configurations.
Configuration Steps
1. Refer Figure 4 and Table 6 for topology setup.
2. Execute the following commands in the switches:
At Switch1:
 Enter into the Global configuration mode
switch# configure terminal
 Configure VLAN 1 in the switch
switch(config)# vlan 1
 Configure the static VLAN entry with the required ports

switch(config-vlan)# ports TwentyGigE 0/1/1-3 untagged
TwentyGigE 0/1/1-3
Exit from VLAN configuration mode
switch(config-vlan)# exit
 Configure VLAN 2 in the switch
switch(config)# vlan 2
 Configure the static VLAN entry with the required ports

switch(config-vlan)# ports TwentyGigE 0/1/1-2
Exit from VLAN configuration mode
switch(config-vlan)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Set the PVID as VLAN 1

switch(config-if)# switchport pvid 1
Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Set the PVID as VLAN 1

switch(config-if)# switchport pvid 1
Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
108
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Set the PVID as VLAN 1

switch(config-if)# switchport pvid 1
Make the interface up
switch(config-if)# no shutdown
 Return to Privileged EXEC mode
switch(config-vlan)# end
3. Configure the Mac map entry.
 Enter into the Global configuration mode
switch# configure terminal
 Make Mac-VLAN enable
switch(config)# mac-vlan
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Create the Mac map entry
switch(config-if)# mac-map 00:11:22:33:44:0a vlan 2 mcastbcast allow
 Return to Privileged EXEC mode
switch(config-if)# end
4. View the VLAN related configurations by executing the following
commands:
switch# show vlan
Vlan database
------------------Vlan ID
: 1
Member Ports
: Gi0/1, Gi0/2, Gi0/3
Untagged Ports
: Gi0/1, Gi0/2, Gi0/3
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------switch# show mac-vlan interface TwentyGigE 0/1/1
Mac Map Table For Port 1--Mac Vlan Enabled
------------------------------------Mac Address
------------00: 11:22:33:44:0a
Vlan ID
----------
MCast/Bcast
-------------------
2
allow
Untagged unicast packets from Host A are classified as VLAN 2 packets and
the packets are forwarded only to Host B.
Port and protocol Based Classification
For configuring Port and Protocol Based Classification, the following are to
be done.
Configuration Guidelines
1. Configure VLAN.
2. Configure protocol-group entry for Port and Protocol based classification.
Default Configurations
Refer section 0 for default configurations.
Configuration Steps
1. Refer Figure 4 and Table 6 for topology setup.
2. Execute the following commands in the switches:
At Switch1:
 Enter into the Global configuration mode
switch# configure terminal
 Configure VLAN 1 in the switch
switch(config)# vlan 1
 Configure the static VLAN entry with the required ports

switch(config-vlan)# ports TwentyGigE 0/1/1-3 untagged
TwentyGigE 0/1/1-3
Exit from VLAN configuration mode
switch(config-vlan)# exit
 Configure VLAN 2 in the switch
switch(config)# vlan 2
 Configure the static VLAN entry with the required ports

switch(config-vlan)# ports TwentyGigE 0/1/1-2
Exit from VLAN configuration mode
switch(config-vlan)# exit
 Enter into the Interface configuration mode
110
switch(config)# interface TwentyGigE 0/1/1
 Set the PVID as VLAN 1

switch(config-if)# switchport pvid 1
Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/2
 Set the PVID as VLAN 1

switch(config-if)# switchport pvid 1
Make the interface up

switch(config-if)# no shutdown
Exit from Interface configuration mode
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/3
 Set the PVID as VLAN 1

switch(config-if)# switchport pvid 1
Make the interface up
switch(config-if)# no shutdown
 Return to Privileged EXEC mode
switch(config-vlan)# end
3. Configure the Protocol-Group entry.
 Enter into the Global configuration mode
switch# configure terminal
 Create protocol-group entry
switch(config)# map protocol other 08:06 enet-v2 protocolsgroup 100
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Map the protocol-group entry to the VLAN
switch(config-if)# switchport map protocols-group 100 vlan 2
 Return to Privileged EXEC mode
switch(config-if)# end
4. View the VLAN related configurations by executing the following
commands:
switch# show vlan
Vlan database
-------------------
Vlan ID
: 1
Member Ports
: Gi0/1, Gi0/2, Gi0/3
Untagged Ports
: Gi0/1, Gi0/2, Gi0/3
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------switch# show vlan protocols-group
Protocol Group Table
------------------------------------------------------------------------------Frame Type
Protocol
Group
--------------------------------------------------Enet-v2
08:06
100
--------------------------------------------------switch# show protocol-vlan
Port Protocol Table
----------------------------------------Port
Group
Vlan ID
----------------------------------------Gi0/1
100
2
----------------------------------------ARP packets (Unknown Host) from Host A are classified as VLAN 2 packets
and the packets are forwarded only to Host B.
Configuring Acceptable Frame Types
To work with Acceptable Frame types, the following are to be done.
Configuration Guidelines
1. Configuration of VLAN.
2. Configuration of PVID for the interfaces.
112
3. Configuration of Acceptable Frame Types.
Default Configurations
Refer section 0 for default configurations.
Configuration Steps
1. Refer Figure 4 and Table 6 for topology setup.
2. Execute the following commands in the Switch1:
At Switch1:
 Enter into the Global configuration mode
switch# configure terminal
 Configure VLAN 1 in the switch
switch(config)# vlan 1
 Configure the static VLAN entry with the required ports

switch(config-vlan)# ports TwentyGigE 0/1/1-2 untagged
TwentyGigE 0/1/1-2
Return from VLAN Configuration mode
switch(config-vlan)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up

switch(config-if)# no shutdown
Set PVID as VLAN 1

switch(config-if)# switchport pvid 1
Return from Interface configuration mode
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up.

switch(config-if)# no shutdown
Set PVID as VLAN 2.
switch(config-if)# switchport pvid 1
 Return to Privileged EXEC mode
switch(config-if)# end
3. Wait for around 30 seconds (topology settlement), to initiate ping from
Host A to Host B, which is successful.
4. Configure the Acceptable Frame Type for port P1.
At Switch1:
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the Acceptable Frame Type
switch(config-if)# switchport acceptable-frame-type tagged
 Return to Privileged EXEC mode
switch(config-vlan)# end
5. View the VLAN related configurations by executing the following
commands:
switch# show vlan
Vlan database
------------------Vlan ID
: 1
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: Gi0/1, Gi0/2
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------switch# show vlan port config port TwentyGigE 0/1/1
Vlan Port configuration table
------------------------------Port Gi0/1
Port Vlan ID
: 1
Port Acceptable Frame Type
Tagged
: Admit Only Vlan
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
: 00:00:00:00:00:00
Port Restricted Vlan Registration: Disabled
Port Restricted Group Registration: Disabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
:Enabled
Default Priority
: 0
------------------------------------------------
114
Once the Acceptable Frame Type is configured as Admit OnlyVLAN Tagged,
the ping fails (as ping packets are untagged) from Host A to Host B.
Configuring Ingress Filtering
To work with Ingress Filtering, the following are to be done.
Configuration Guidelines
1. Configuration of VLAN.
2. Configuration of PVID for the interfaces.
3. Configuration of Ingress filtering.
Default Configurations
Refer section 0 for default configurations.
Configuration Steps
1. Refer Figure 4 and Table 6 for topology setup.
2. Execute the following commands in Switch1:
At Switch1:
 Enter into the Global configuration mode
switch# configure terminal
 Configure VLAN 2 in the switch
switch(config)# vlan 2
 Configure the static VLAN entry with the required ports

switch(config-vlan)# ports TwentyGigE 0/1/2 untagged
TwentyGigE 0/1/2
Return from VLAN Configuration mode
switch(config-vlan)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Make the interface up

switch(config-if)# no shutdown
Set PVID as VLAN 2

switch(config-if)# switchport pvid 2
Return from Interface configuration mode
switch(config-if)# exit
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/2
 Make the interface up
switch(config-if)# no shutdown

Set PVID as VLAN 2
switch(config-if)# switchport pvid 2
 Return to Privileged EXEC mode
switch(config-if)# end
3. Wait for around 30 seconds (topology settlement) to initiate ping from
Host A to Host B, and the ARP packet reaches Host B.
4. Enable Ingress filtering in port P1 as follows:
At Switch1:
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the Ingress filter
switch(config-if)# switchport ingress-filter
 Return to Privileged EXEC mode
switch(config-vlan)# end
5. View the VLAN related configurations by executing the following
commands:
switch# show vlan
Vlan database
------------------Vlan ID
: 2
Member Ports
: Gi0/2
Untagged Ports
: Gi0/2
Forbidden Ports
: None
Name
:
Status
: Permanent
-------------------------------------------switch# show vlan port config port TwentyGigE 0/1/1
Vlan Port configuration table
------------------------------Port Gi0/1
Port
Vlan ID
: 2
Port Acceptable Frame Type
: Admit All
Port Ingress Filtering
: Enabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
116
Gvrp last pdu origin
: 00:00:00:00:00:00
Port Restricted Vlan Registration : Disabled
Port Restricted Group Registration: Disabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
----------------------------------------------------The APR packet reaches Host B, when the Ingress filtering is enabled.
Flow Based Provider Bridge Configuration
ICM1
PB1
P2
P2
PB2
ICM2
P1
ICM3
CB1
P1
P1
P2
CB2
ICM4
P2
HA
HB
Figure 6: Dot1ad Bridge Configuration Topology
Switch ICM1 (PB1):
MAC Address: 00:01:02:03:04:01
VLAN 1 - 10.0.0.1/255.0.0.0
Switch ICM2 (PB2):
MAC Address: 00:02:02:03:04:01
VLAN 1 – 10.0.0.2 /255.0.0.0
Switch ICM3 (CB1):
MAC Address: 00:03:02:03:04:01
VLAN 1 – 10.0.0.10/255.0.0.0
Switch ICM4 (CB2):
MAC Address: 00:04:02:03:04:01
VLAN 1 – 10.0.0.20/255.0.0.0
Host HA:
IP Address – 10.0.0.100/255.0.0.0
Host HB:
IP Address – 10.0.0.200/255.0.0.0.
Configuring Service using C-VLAN Based Service Interface
and Port-Based Service Interface
Configuration Guidelines
1. Configure C-VLAN based Service Interface (Configure Customer Edge
Port) and Port based Service Interface (configuration of Customer
Network Port (Port-Based) as follows:
2. Configuration of C-VLAN based service using C-VID registration table.
3. Configuration of Port based service by setting PVID for the Customer
Network Port (Port-Based).
4. Configuration of S-VLAN.
Default Configurations
By default, all ports are configured as “Provider Network Port” in PB1 and
PB2.
Configuration Steps
1. Refer Figure 6 for the topology setup.
2. Configure P1 of PB1 as Customer Edge Port and Configure P1 of PB2 as
Customer Network Port (Port-Based).
At Switch PB1
 Enter into the Global configuration mode.
switch# configure terminal
 Enter into the Interface configuration mode.
switch# interface TwentyGigE 0/1/1
 Configure the port P1 as Customer Edge Port
switch(config-if)# bridge port-type customerEdgePort
 Exit from the Global configuration mode
switch(config-if)#end
At Switch PB2
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
118
switch(config)# interface TwentyGigE 0/1/1
 Configure the port P1 as Customer Edge Port
switch(config-if)# bridge port-type customerNetworkPort portbased
 Exit from the Global configuration mode
switch(config-if)#end
3. Configure the S-VLAN 2 with member ports as P1, P2 and untagged port
as P1 in both PB1 and PB2.
At Switch PB1
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the VLAN configuration mode
switch(config)# vlan 2
 Configure the port P1, P2 as member ports and P1 as untagged port
for S-VLAN 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/0/2 untagged
gigabitethernet0/1
 Exit from the VLAN configuration mode
switch(config-vlan)#end
At Switch PB2
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the VLAN configuration mode
switch(config)# vlan 2
 Configure the port P1, P2 as member ports and P1 as untagged port
for S-VLAN 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
gigabitethernet0/1
 Exit from the VLAN configuration mode
switch(config-vlan)#end
4. Configure the CVID Registration table for providing C-VLAN based
service
At Switch PB1
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the CVID Registration table for S-VLAN 2 and C-VLAN 2.
switch(config-if)# switchport customer-vlan 2 service-vlan 2
 Exit from the Interface configuration mode
switch(config-if)#end
5. Configure the VLAN 2 with member ports as P1, P2 with untagged ports
as P1 in both CB1 and CB2.
At Switch CB1
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the VLAN configuration mode
switch(config)# vlan 2
 Configure the port P1, P2 as member ports and untagged member
port as P2 for VLAN2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
gigabitethernet0/2
 Exit from the VLAN configuration mode
switch(config-vlan)#end
At Switch CB2
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the VLAN configuration mode
switch(config)# vlan 2
 Configure the port P1, P2 as member ports and untagged member
port as P2 for VLAN2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
gigabitethernet0/2
 Exit from the VLAN configuration mode
switch(config-vlan)#end
6. Configure the PVID for port P2 on CB1 and CB2 as VLAN 2 and
configure the PVID of Port P1 on PB2 as VLAN 2.
At Switch PB2
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the PVID of the port P1 as S-VLAN 2
switch(config-if)# switchport pvid 2
 Exit from the Interface configuration mode
switch(config-if)#end
At Switch CB1
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
120
switch(config)# interface TwentyGigE 0/1/1
 Configure the PVID of the port P2 as VLAN 2
switch(config-if)# switchport pvid 2
 Exit from the Interface configuration mode
switch(config-if)#end
At Switch CB2
 Enter into the Global configuration mode
switch# configure terminal
 Enter into the Interface configuration mode
switch(config)# interface TwentyGigE 0/1/1
 Configure the PVID of the port P2 as VLAN 2
switch(config-if)# switchport pvid 2
 Exit from the Interface configuration mode
switch(config-if)#end
At Switch PB1
1. View the configured port types by executing the following command:
switch# show provider-bridge port config port TwentyGigE 0/1/1
Provider Bridge Port configuration table
----------------------------------------Port Gi0/1
Port Type
: Customer Edge Port
Dot1x Protocol Tunnel Status
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Peer
GVRP Protocol Tunnel Status
: Discard
GMRP Protocol Tunnel Status
: Discard
IGMP Protocol Tunnel Status
: Discard
Service Vlan Classification
: Customer Vlan
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x8100
EtherType Swap Status
: Disable
Service Vlan Translation Status : Disable
Require Drop Encoding
: False
Use_Dei
: False
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 150
Customer Vlan
: 1
Customer Vlan Status
: Enabled
------------------------------------------2. View the VLAN configurations by executing the following command:
switch# show vlan
Vlan database
------------Vlan ID
: 1
Member Ports
:
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
ServiceType
: E-LAN
MacLearning Status
: Enabled
---------------------------------------------------Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: Gi0/1
Forbidden Ports
: None
Name
:
Status
: Permanent
ServiceType
: E-LAN
MacLearning Status
: Enabled
----------------------------------------------------3. View the C-VLAN based service configuration by executing the following
command
switch# show service vlan cvlan
Service Vlan Classification
--------------------------------------Service Vlan
Port
Customer Vlan Untag-pep Untag-cep
----------- ----------------------------------------2
Gi0/1
2
False
False
At Switch PB2
1. View the configured port types by executing the following command:
switch# show provider-bridge port config port TwentyGigE 0/1/1
Provider Bridge Port configuration table
-----------------------------------------
122
Port Gi0/1
Port Type
Port(Port-Based)
: Customer Network
Dot1x Protocol Tunnel Status
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Tunnel
GVRP Protocol Tunnel Status
: Tunnel
GMRP Protocol Tunnel Status
: Tunnel
IGMP Protocol Tunnel Status
: Tunnel
Service Vlan Classification
: PVID
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x88a8
EtherType Swap Status
: Disable
Service Vlan Translation Status
: Disable
Require Drop Encoding
: False
Use_Dei
: False
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 150
---------------------------------------------------2. Verify the VLAN configuration by executing the following command:
switch# show vlan
Vlan database
------------Vlan ID
: 1
Member Ports
:
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
ServiceType
: E-LAN
MacLearning Status
: Enabled
---------------------------------------------------Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: Gi0/1
Forbidden Ports
: None
Name
:
Status
: Permanent
ServiceType
: E-LAN
MacLearning Status
: Enabled
At Switch CB1
1. Verify the VLAN configuration by executing the following command:
switch# show vlan
Vlan database
------------Vlan ID
: 1
Member Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Untagged Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: Gi0/2
Forbidden Ports
: None
Name
:
Status
: Permanent
2. Verify the Spanning Tree configuration by executing the following
command:
switch# show spanning-tree
Root Id
Priority
32768
Address
00:03:02:03:04:01
Cost
0
124
Port
0 [0]
This bridge is the root
Max age 20 Sec, forward delay 15 Sec
MST00
MST00 is executing the mstp compatible Multiple
Spanning Tree Protocol
Bridge Id
Priority
Address
32768
00:03:02:03:04:01
Max age is 20 sec, forward delay is 15
sec
Name
Role
State
Cost
Prio
Type
----
----
-----
----
----
-----
Gi0/1
Designated
Forwarding
200000
128
SharedLan
Gi0/2
Designated
Forwarding
200000
128
SharedLan
At Switch CB2
1. Verify the VLAN configuration by executing the following command:
switch# show vlan
Vlan database
------------Vlan ID
: 1
Member Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Untagged Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Forbidden Ports
: None
Name
:
Status
: Permanent
----------------------------------------------------
Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: Gi0/2
Forbidden Ports
: None
Name
:
Status
: Permanent
2. Verify the Spanning Tree configuration by executing the following
command:
switch# show spanning-tree
Root Id
Priority
32768
Address
00:03:02:03:04:01
Cost
400000
Port
1 [Gi0/1]
Max age 20 Sec, forward delay 15 Sec
MST00
MST00 is executing the mstp compatible Multiple
Spanning Tree Protocol
Bridge Id
Priority
Address
32768
00:04:02:03:04:01
Max age is 20 sec, forward delay is 15
sec
Name
Role
----
----
State
Cost
----Forwarding
----
Gi0/1
Root
200000
Gi0/2
Designated Forwarding
200000
Prio
Type
----
------
128
SharedLan
128
SharedLan
Translating VLAN in Provider Networks
Configuration Guidelines
1. Configuration of VID Translation table.
2. Configuration of Port based Service by setting PVID for the Customer
Network Port Port-Based.
3. Configuration of S-VLAN.
Default Configurations
By default, all the ports are configured, as “Provider Network Port” in PB1
and PB2 and Local VID is equal to Relay VID in the VID Translation table.
126
Configuration Steps
1. Refer Figure 6 for topology setup.
2. Configure port P1 in PB1 and PB2 as “Customer Network Port (PortBased)”.
At Switch PB1
switch# configure terminal
switch# interface TwentyGigE 0/1/1
switch(config-if)# bridge port-type customerNetworkPort portbased
switch(config-if)#end
At Switch PB2
switch# configure terminal
switch# interface TwentyGigE 0/1/1
switch(config-if)# bridge port-type customerNetworkPort portbased
switch(config-if)#end
3. Create VLAN 2 with member ports as P1, P2 and untagged member
ports as P1 in PB1.
At Switch PB1
switch# configure terminal
switch# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)#end
4. Create VLAN 3 with member ports as P1, P2 and untagged member
ports as P1 in PB1.
At Switch PB1
switch# configure terminal
switch(config)# vlan 3
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)#end
5. Configure the VID Translation table for port P2 in PB1 as Local VID-3,
Relay VID-2.
At Switch PB1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
6. Configure the VID Translation table for port P2 as Local VID-3, Relay
VID-2.
switch(config-if)# switchport service vlan mapping 3 2
switch(config-if)#end
In CB1 and CB2 do the following:
1. Create VLAN 2 with member ports as P1, P2, with p2 as untagged
member port
2. Configure the PVID for port P2 as VLAN 2.
At switch CB1
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)#ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)#exit
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 2
switch(config-if)#end
At switch CB2
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)#ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)#exit
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 2
switch(config-if)#end
3. Configure the PVID for port P1 as VLAN 2 in PB1 and also configure the
PVID for port P1 as VLAN 3 in PB2.
At switch PB1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 2
switch(config-if)#end
At switch PB2
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 3
switch(config-if)#end
4. Verify the configuration of VID Translation table by executing the
following command:
At Switch PB1
switch# show service vlan mapping
128
Service VLAN Mapping
------------------------Port Gi0/2
----------Local service VLAN
Relay service VLAN 2
5. Verify whether, the customer network has been settled properly by
executing the following command:
At Switch CB1
switch# show spanning-tree
Root Id
Priority
32768
Address
00:03:02:03:04:01
Cost
0
Port
0 [0]
This bridge is the root
Max age 20 Sec, forward delay 15 Sec
MST00
MST00 is executing the mstp compatible Multiple
Spanning Tree Protocol
Bridge Id
Priority
Address
00:03:02:03:04:01
Max age is 20 sec, forward delay is 15
sec
Name
32768
Role
----
State
----
Cost
-----
Prio
----
----
Type
----
Gi0/1
Designated
Forwarding
200000
128
SharedLan
Gi0/2
Designated
Forwarding
200000
128
SharedLan
At Switch CB2
switch# show spanning-tree
Root Id
Priority
32768
Address
00:03:02:03:04:01
Cost
200000
Port
1 [Gi0/1]
Max age 20 Sec, forward delay 15 Sec
MST00
MST00 is executing the mstp compatible Multiple
Spanning Tree Protocol
Bridge Id
Priority
Address
32768
00:04:02:03:04:01
Max age is 20 sec, forward delay is 15
sec
Name
Role
State
Cost
Prio
Type
----
----
-----
----
----
----
Gi0/1
Root
Forwarding
200000
128
SharedLan
200000
128
SharedLan
Gi0/2
Designated
Forwarding
6. A Ping from Host A to Host B is successful, indicating that VLAN
translation is successfully taking place.
Configuring PCP Decoding and Encoding Table
Configuration Guidelines
1. Configure port types.
2. Configure PCP Encoding and Decoding table.
3. Configure S-VLAN.
Default Configurations
1. Refer section 0 for default configuration.
2. All ports are Provider Network ports by default.
Configuration Steps
1. Refer Figure 6 for the topology setup.
2. Configure Port P1 as Customer Network Port (Port-Based).
At Switch PB1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# bridge port-type customerNetworkPort portbased
switch(config-if)# end
3. Configure the PCP selection row for port P1 and P2 as 7P1D.
At Switch PB1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
 Configure the PCP selection row for port P1 as 7P1D.
switch(config-if)# switchport provider-bridge pcp-selection-row
7P1D
switch(config-if)# exit
switch(config)# interface TwentyGigE 0/1/1
 Configure the PCP selection row for port P2 as 7P1D.
130
switch(config-if)# switchport provider-bridge pcp-selection-row
7P1D
switch(config-if)# end
4. Configure the PCP decoding table for the received PCP value 5 to be
decoded as priority 6 and drop-eligible true in Port P1 of PB1.
At Switch PB1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
 Configure the PCP decoding table for the Port P1 as PCP - 5, Priority
– 6 and DE - True.
switch(config-if)# pcp-decoding 7P1D pcp 5 priority 6 dropeligible true
switch(config-if)# end
5. Configure the PCP encoding table for the Port P2 as priority - –6, dropeligible - true, the PCP value as 5.
At Switch PB1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
 PCP encoding table for the priority 6 drop-eligible true, the PCP
value as 5.
switch(config-if)# pcp-encoding 7P1D priority 6 drop-eligible
true pcp 5
switch(config-if)# end
6. View the PCP encoding/decoding table configurations by executing the
following command.
switch# show provider-bridge pcp decoding port TwentyGigE 0/1/1
switch# show provider-bridge pcp encoding port TwentyGigE 0/1/1
switch# show provider-bridge pcp decoding port TwentyGigE 0/1/1
Port Gi0/1
----------PCP
: 0
1
2
3
4
5
6
7
---------------------------------------------8POD
: 0
1
2
3
4
5
6
7
7P1D
: 0
1
2
3
4DE
6DE
6
7
6P2D
: 0
1
2DE
2
4DE
4
6
7
5P3D
: 0DE
0
2DE
2
4DE
4
6
7
switch# show provider-bridge pcp encoding port TwentyGigE 0/1/1
Port Gi0/2
----------DropEligible: 0 0DE 1 1DE 2 2DE 3 3DE 4 4DE 5 5DE 6
6DE 7 7DE
Priority
:
-----------------------------------------------------8POD
: 0
0
1
1
2
2
3
3
4
4
5
5
6
6
7
7
7P1D
: 0
0
1
1
2
2
3
3
5
4
5
4
6
5
7
7
6P2D
: 0
0
1
1
3
2
3
2
5
4
5
4
6
6
7
7
5P3D
: 1
0
1
0
3
2
3
2
5
4
5
4
6
6
7
7
7. Create VLAN 2 with member ports as P1 and P2.
At Switch PB1
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2
switch(config-vlan)# end
8. Send a VLAN 2 tagged packet with priority as 5 from Host A to port P1 of
PB1.
9. Verify that the packet is sent out with VLAN 2 tag and priority 5 on port
P2 of PB1.
Configuring Provider Edge Port Configurations and Service
Priority Regeneration Table
Configuration Guidelines
1.
2.
3.
4.
Configure port types.
Configure S-VLAN.
Configure PEP configurations.
Configure Service Priority Regeneration table configuration.
Default Configurations
1. Refer section 0 for default configurations.
2. All ports are Provider Network ports by default.
3. Provider Edge Port has the following default values:




PVID – CVID of the first customer VLAN assigned to this service.
User Priority – 0
Acceptable Frame Types – AdmitAll
Enable Ingress Filtering – Disabled.
4. Service Priority Regeneration table has receive-priority equal to
regenerated priority.
Configuration Steps
1. Refer Figure 6 for the topology setup.
2. Configure port P1 as Customer Edge Port.
132
At Switch PB1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# bridge port-type customerEdgePort
switch(config-if)# no shutdown
switch(config-if)# exit
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# no shutdown
switch(config-if)# exit
3. Configure the S-VLAN membership.
At Switch PB1
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1-2 untagged
TwentyGigE 0/1/1
switch(config-vlan)# end
4. Create Provider Edge port and configure Provider Edge port
configurations.
At Switch PB1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)#switchport customer-vlan 2 service-vlan 2
5. Configure PVID for Provider Edge port (P1, S-VLAN2).
switch(config-if)#service-vlan 2 pvid 2
6. Configure Ingress filter for Provider Edge port (P1, S-VLAN2)
switch(config-if)#service-vlan 2 ingress-filter enable
switch(config-if)#end
7. Configure Service Priority Regeneration table for the internal CNP (P1, SVLAN2).
At Switch PB1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
8. Configure Service Priority Regeneration table for the Internal Customer
Network port (P1, S-VLAN 2).
switch(config-if)#service-vlan 2 recv-priority 2 regen-priority 3
switch(config)# end
9. Provider Edge port configuration is viewed as:
switch# show provider-bridge pep configuration
Provider Edge Port configuration
-------------------------------------
Port Gi0/1
Service VLAN-ID
: 2
Port VLAN-ID
: 2
Acceptable Frame Type
: Admit all
Ingress Filtering
: Enabled
Default Priority
: 0
Oper status
: Up
10. Service Priority Regeneration table configuration is viewed as:
switch# show provider-bridge priority regen
Service Priority Regeneration table
----------------------------------Port : Gi0/1
Service VLAN-ID : 2
Receive Priority
Regenerated Priority
-----------------
---------------------
0
0
1
1
2
3
3
3
4
4
5
5
6
6
7
7
A unicast C-VLAN 2 tagged packet with priority 2 that is sent from Host A
reaches Host B as a double tagged packet with priority in the outertag as 3”.
Tunneling Of Customer STP Packets and Customer GVRP
Protocol Packets – Provider Bridges
This section describes the tunneling of Customer Spanning Tree Protocol
packets and Customer GVRP protocol packets at provider bridges present in
the provider network.
Configuration Guidelines
1.
2.
3.
4.
5.
6.
7.
Configure the ports as customer ports (access ports).
Disable Spanning Tree on port, where STP tunneling is required.
Set the STP tunneling.
Disable GVRP on port, where GVRP tunneling is required.
Set the GVRP tunneling.
Configure the service interfaces.
Configure the S-VLAN.
134
Default Configurations
1. Refer section 0 for default configuration.
2. All ports are configured as “Provider Network ports” by default.
Configuration Steps
1. Refer Figure 6 for topology setup.
2. Configure port P1 of PB1 as Customer Edge Port and port P1 of PB2 as
Customer Network Port (Port-Based).
At Switch PB1
switch# configure terminal
switch# interface TwentyGigE 0/1/1
switch(config-if)# bridge port-type customerEdgePort
switch(config-if)#end
At Switch PB2
switch# configure terminal
switch# interface TwentyGigE 0/1/1
switch(config-if)# bridge port-type customerNetworkPort portbased
switch(config-if)#end
3. Create VLAN 2 with member ports as P1, P2 and untagged member port
as P1 in both PB1 and PB2 bridges.
At Switch PB1
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)#end
At Switch PB2
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)#end
4. Configure the CVID Registration table for the port P1 in PB1 as “C-VLAN
2, S-VLAN 2”. This results in creating the PEP for S-VLAN 2 in the CVLAN component.
At switch PB1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# switchport customer-vlan 2 service-vlan 2
switch(config-vlan)#end
5. Configure the port PVID of P1 in PB2 as VLAN 2.
At Switch PB2
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# switchport pvid 2
switch(config-if)#end
6. Disable the Spanning Tree on port P1 and configure the CPVID for the
port P1 as VLAN 2.
At Switch PB2
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
7. Disable the Spanning Tree on port P1.
switch(config-if)# spanning-tree disable
8. Configure the CPVID as 2 for the port P1.
switch(config-if)# switchport Dot1q customer vlan 2
switch(config-if)#end
9. Configure the tunnel status for STP, GVRP as “tunnel” in port P1 of PB1.
In Customer Network ports, the tunnel protocol status for STP and GVRP
are “tunnel” by default. So, there is no need for configuring tunnel status
in PB2.
At Switch PB1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
10. Enable the tunnel status of STP in port P1.
switch(config-if)# l2protocol-tunnel stp
11. Enable the tunnel status of GVRP in port P1.
switch(config-if)# l2protocol-tunnel gvrp
switch(config-if)#end
12. Create the VLAN 2 with member port as P2 and untagged member port
as P2 in both CB1 and CB2. Also configure the PVID of the port P2 as
VLAN 2 in CB1 and CB2.
At Switch CB1
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)#ports TwentyGigE 0/1/1 untagged
TwentyGigE 0/1/1
switch(config-vlan)# exit
switch(config)#interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 2
136
switch(config-if)#end
At Switch CB2
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)#ports TwentyGigE 0/1/1 untagged
TwentyGigE 0/1/1
switch(config-vlan)# exit
switch(config)#interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 2
switch(config-if)#end
13. Now, the VLAN 2 is learnt on the port P1 of CB1 and CB2, and port P1 is
the root port of the Customer Network-Spanning Tree.
At Switch PB1
Verify that the Customer Spanning Tree is disabled.
switch# show customer spanning-tree
Port [Gi0/1] Root Id
Priority
0
Address
00:00:00:00:00:00
Cost
0
Root Ports
Hello Time 2 Sec, Max Age 20 Sec,
Forward Delay 15 Sec
Customer Spanning tree Protocol has been disabled
Bridge Id
Priority 0
Address 00:01:02:03:04:01
Hello Time 2 sec, Max Age 0 sec,
Forward Delay 15 sec
Name
----
Role
----
State
-----
PEP-Service:2
SharedLan
Disabled
CEP-Gi0/1
SharedLan
Disabled
Cost
---Unknown
Unknown
Prio
---128
Type
-----
32
200000 32
------------------------------------------------Verify that the STP and GVRP tunnel status are configured as “tunnel”.
switch# show provider-bridge port config port TwentyGigE 0/1/1
Provider Bridge Port configuration table
----------------------------------------Port Gi0/1
Port Type
Port
: Customer Edge
Dot1x Protocol Tunnel Status
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Tunnel
GVRP Protocol Tunnel Status
: Tunnel
GMRP Protocol Tunnel Status
: Discard
IGMP Protocol Tunnel Status
: Discard
Service Vlan Classification
: Customer Vlan
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x8100
EtherType Swap Status
: Disable
Service Vlan Translation Status
: Disable
Require Drop Encoding
: False
Use_Dei
: False
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 150
Customer Vlan
: 2
Customer Vlan Status
: Enabled
---------------------------------------------------At Switch CB1
Verify the Spanning Tree port roles and states by executing the following
command:
switch# show spanning-tree
Root Id
Priority
32768
Address
00:03:02:03:04:01
Cost
0
Port
0 [0]
This bridge is the root
Max age 20 Sec, forward delay 15 Sec
MST00
MST00 is executing the mstp compatible Multiple
Spanning Tree Protocol
Bridge Id
Priority
Address
sec
32768
00:03:02:03:04:01
Max age is 20 sec, forward delay is 15
138
Name
----
Role
State
----
Cost
-----
----
Prio
Type
---- ------
Gi0/1 Designated
Forwarding
200000
128
SharedLan
Gi0/2 Designated
Forwarding
200000
128
SharedLan
Verify the VLAN configuration by executing the following command:
switch# show vlan
VLAN database
------------VLAN ID
: 1
Member Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Untagged Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------VLAN ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: Gi0/2
Forbidden Ports
: None
Name
:
Status
: Permanent
At Switch CB2
Verify the spanning tree port roles and states by executing the following
command:
switch# show spanning-tree
Root Id
Priority
32768
Address
00:03:02:03:04:01
Cost
200000
Port
1 [Gi0/1]
Max age 20 Sec, forward delay 15 Sec
MST00
MST00 is executing the mstp compatible Multiple
Spanning Tree Protocol
Bridge Id
Priority
Address
32768
00:04:02:03:04:01
Max age is 20 sec, forward delay is 15
sec
Name
Role
State
Cost
Prio
----
----
-----
----
----
Gi0/1
Root
Forwarding
Gi0/2
Designated
Forwarding
200000
200000
Type
----
128
SharedLan
128
SharedLan
Verify the VLAN configuration by executing the following command:
switch# show vlan
VLAN database
------------VLAN ID
: 1
Member Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Untagged Ports
Gi0/5, Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4,
Gi0/7, Gi0/8, Gi0/9, Gi0/10,
Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
Gi0/23, Gi0/24
Forbidden Ports
: None
Name
:
Status
: Permanent
----------------------------------------------------
140
VLAN ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: Gi0/2
Forbidden Ports
: None
Name
:
Status
: Permanent
14. Ping from Host A to Host B. The ping is successful.
Tunneling of Dot1x Protocol in Provider Bridges
Configuration Guidelines
1.
2.
3.
4.
5.
Configure the bridge mode for PB1 and PB2 as Provider Core Bridges.
Configure the bridge mode for CB1 and CB2 as Customer Bridges.
Disable Dot1x on all the provider bridges.
Set the Dot1x tunneling
Configure Dot1x authenticator and supplicant in both the customer
bridges.
6. Configure the S-VLAN.
Default Configurations
1.
2.
3.
4.
Refer section 0 for default configuration..
All ports are configured as “Provider Network Ports” by default.
Dot1x is enabled in all bridges by default.
Supplicant authorizes the username and password by default as given
below:
 Username – guest
 Password – future
Configuration Steps
1. Refer Figure 6 for the topology setup.
2. Configure port P1 of PB1 and PB2 as “Customer Network Port (Port
Based)”.
At switch PB1
switch#configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# bridge port-type customerNetworkPort portbased
switch(config-if)# end
At switch PB2
switch#configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# bridge port-type customerNetworkPort portbased
switch(config-if)# end
3. Configure the Dot1x module status as disabled on both PB1 and PB2.
At Switch PB1
switch#configure terminal
4. Disable Dot1x module status.
switch(config)# no dot1x system-auth-control
switch(config)#end
At Switch PB2
switch#configure terminal
5. Disable Dot1x module status.
switch(config)# no dot1x system-auth-control
switch(config)#end
6. Configure the Dot1x tunnel status for port P1 as “tunnel” in both PB1 and
PB2.
At Switch PB1
switch#configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# l2protocol-tunnel dot1x
switch(config-if)#end
At Switch PB2
switch#configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# l2protocol-tunnel dot1x
switch(config-if)#end
7. Create VLAN 2 with member ports as P1, P2 and untagged member port
as P1 on both PB1 and PB2. Configure PVID of the port P1 as VLAN 2 in
both PB1 and PB2.
At Switch PB1
switch#configure terminal
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)#exit
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 2
switch(config-if)#end
At Switch PB2
142
switch#configure terminal
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1 untagged
TwentyGigE 0/1/1
switch(config-vlan)#exit
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 2
switch(config-if)#end
8. Configure the authenticator and supplicant in both CB1 and CB2.
At Switch CB1
switch#configure terminal
switch(config)# dot1x local-database guest password future
permission allow
switch(config)#interface TwentyGigE 0/1/1
switch(config-if)# dot1x port-control auto
switch(config-if)#end
At Switch CB2
switch#configure terminal
switch(config)# dot1x local-database guest password future
permission allow
switch(config)#interface TwentyGigE 0/1/1
switch(config-if)# dot1x port-control auto
switch(config-if)#end
9. Verify the above configurations in all the switches.
At Switch PB1
Verify that the Dot1x module status is disabled by executing the following
command:
switch# show dot1x
Sysauthcontrol
= Disabled
Module Oper Status
= Disabled
Dot1x Protocol Version
= 2
Dot1x Authentication Method
= Local
Nas ID
= fsNas1
View the port type configuration and Dot1x tunnel status configuration by
executing the following command:
switch# show provider-bridge port config port TwentyGigE 0/1/1
Provider Bridge Port configuration table
----------------------------------------Port Gi0/1
Port Type
Port(Port-Based)
: Customer Network
Dot1x Protocol Tunnel Status
: Tunnel
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Tunnel
GVRP Protocol Tunnel Status
: Tunnel
GMRP Protocol Tunnel Status
: Tunnel
IGMP Protocol Tunnel Status
: Tunnel
Service VLAN Classification
: PVID
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x88a8
EtherType Swap Status
: Disable
Service VLAN Translation Status
: Disable
Require Drop Encoding
: False
Use_Dei
: False
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 150
---------------------------------------------------At Switch PB2
Verify that the Dot1x module status is disabled by executing the following
command:
switch# show dot1x
Sysauthcontrol
= Disabled
Module Oper Status
= Disabled
Dot1x Protocol Version
= 2
Dot1x Authentication Method
= Local
Nas ID
= fsNas1
View the Port Type configuration and Dot1x Tunnel Status configuration
by executing the following command
switch# show provider-bridge port config port TwentyGigE 0/1/1
Provider Bridge Port configuration table
----------------------------------------Port Gi0/1
Port Type
Network Port(Port-Based)
: Customer
Dot1x Protocol Tunnel Status
: Tunnel
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Tunnel
144
GVRP Protocol Tunnel Status
: Tunnel
GMRP Protocol Tunnel Status
: Tunnel
IGMP Protocol Tunnel Status
: Tunnel
Service VLAN Classification
: PVID
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x88a8
EtherType Swap Status
: Disable
Service VLAN Translation Status
: Disable
Require Drop Encoding
: False
Use_Dei
: False
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 150
---------------------------------------------------At Switch CB1
Verify the Dot1x local database by executing the following command:
switch# show dot1x local-database
Pnac Authentication Users Database
----------------------------------User name
: guest
Protocol
: 4
Timeout
: 0 seconds
Ports
Gi0/6
Gi0/12
Gi0/17, Gi0/18
Gi0/23, Gi0/24
Permission
Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5,
Gi0/7, Gi0/8, Gi0/9, Gi0/10, Gi0/11,
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
: Allow
Verify that the port status is authorized by executing the following
command:
switch# show dot1x interface TwentyGigE 0/1/1
Dot1x Info for Gi0/1
--------------------PortStatus
= AUTHORIZED
AccessControl
= INACTIVE
AuthSM State
= AUTHENTICATED
SuppSM State
= AUTHENTICATED
BendSM State
= IDLE
AuthPortStatus
= AUTHORIZED
SuppPortStatus
= AUTHORIZED
AdminControlDirection = BOTH
OperControlDirection
= BOTH
MaxReq
= 2
Port Control
= Auto
QuietPeriod
= 60 Seconds
Re-authentication
= Disabled
ReAuthPeriod
= 3600 Seconds
ServerTimeout
= 30 Seconds
SuppTimeout
= 30 Seconds
Tx Period
= 30 Seconds
At Switch CB2
Verify the dot1x local database by executing the following command:
switch# show dot1x local-database
Pnac Authentication Users Database
----------------------------------User name
: guest
Protocol
: 4
Timeout
: 0 seconds
Ports
Gi0/6
Gi0/12
Gi0/17, Gi0/18
Gi0/23, Gi0/24
Permission
Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5,
Gi0/7, Gi0/8, Gi0/9, Gi0/10, Gi0/11,
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
: Allow
10. Verify that the port status is authorized by executing the following
command:
switch# show dot1x interface TwentyGigE 0/1/1
Dot1x Info for Gi0/1
--------------------PortStatus
= AUTHORIZED
AccessControl
= INACTIVE
AuthSM State
= AUTHENTICATED
146
SuppSM State
= AUTHENTICATED
BendSM State
= IDLE
AuthPortStatus
= AUTHORIZED
SuppPortStatus
= AUTHORIZED
AdminControlDirection = BOTH
OperControlDirection
= BOTH
MaxReq
= 2
Port Control
= Auto
QuietPeriod
= 60 Seconds
Re-authentication
= Disabled
ReAuthPeriod
= 3600 Seconds
ServerTimeout
= 30 Seconds
SuppTimeout
= 30 Seconds
Tx Period
= 30 Seconds
Tunneling Of Customer STP Packets and Customer GVRP
Protocol Packets – Customer Bridges
This section describes the tunneling of Customer STP packets and Customer
GVRP protocol packets at Customer bridges present in the provider network.
Configuration Guidelines
1. Disable Spanning Tree on port where STP tunneling is required.
2. Disable GVRP on port where GVRP tunneling is required.
3. Set the STP tunneling and GVRP tunneling.
4. Configure S-VLAN
Default Configurations
Refer section 0 for default configuration.
All bridges ICM1, ICM2, ICM3 and ICM4 will be configured as customer
bridges.
Configuration Steps
1. Refer Figure 6 for topology setup.
2. Create VLAN 2 with member ports as P1, P2 and untagged member port
as P1 in both ICM1 and ICM2 bridges.
At Switch ICM1
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)#end
At Switch ICM2
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)#end
3. Configure the port PVID of P1 in ICM1 and ICM2 as VLAN 2.
At Switch ICM1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# switchport pvid 2
switch(config-if)#end
At Switch ICM2
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# switchport pvid 2
switch(config-if)#end
4. Disable Spanning Tree on port P1 of both ICM1 and ICM2.
At Switch ICM1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
5. Disable the Spanning Tree on port P1.
switch(config-if)# spanning-tree disable
switch(config-if)#end
At Switch ICM2
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
6. Disable the Spanning Tree on port P1.
switch(config-if)# spanning-tree disable
switch(config-if)#end
7. Disable the GVRP Protocol on Port P1 of both ICM1 and ICM2.
At Switch ICM1
switch# configure terminal
switch(config)# switch default
 Disable the GVRP protocol on port P1.
switch(config-switch)# set port gvrp TwentyGigE 0/1/1 disable
148
switch(config-default)#end
At Switch ICM2
switch# configure terminal
switch(config)# switch default
 Disable the GVRP protocol on port P1.
switch(config-default)# set port gvrp TwentyGigE 0/1/1 disable
switch(config-default)#end
8. Configure the tunnel status for STP, GVRP as “tunnel” in port P1 of ICM1
and ICM2.
At Switch ICM1
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
9. Configure the tunnel status of STP in port P1.
switch(config-if)# l2protocol-tunnel stp
10. Configure the tunnel status of GVRP in port P1.
switch(config-if)# l2protocol-tunnel gvrp
switch(config-if)#end
At Switch ICM2
switch# configure terminal
switch(config)# interface TwentyGigE 0/1/1
11. Enable the tunnel status of STP in port P1.
switch(config-if)# l2protocol-tunnel stp
12. Enable the tunnel status of GVRP in port P1.
switch(config-if)# l2protocol-tunnel gvrp
switch(config-if)#end
13. Create VLAN 2 with member port as P2 and untagged member port as
P2 in both ICM3 and ICM4. Also configure the PVID of the port P2 as
VLAN 2 in ICM3 and ICM4.
At Switch ICM3
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)#ports TwentyGigE 0/1/1 untagged
TwentyGigE 0/1/1
switch(config-vlan)# exit
switch(config)#interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 2
switch(config-if)#end
At Switch ICM4
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)#ports TwentyGigE 0/1/1 untagged
TwentyGigE 0/1/1
switch(config-vlan)# exit
switch(config)#interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 2
switch(config-if)#end
14. At the end of these configuration VLAN 2 is learnt on port P1 of ICM3 and
ICM4, and port P1 is the root port of the Customer Network-Spanning
Tree (ICM3 and ICM4).
At Switch ICM1
switch# show spanning-tree
Switch default
Root Id
Priority
32768
Address
00:01:02:03:04:01
Cost
0
Port
0 [0]
This bridge is the root
Max age 20 Sec, forward delay 15 Sec
MST00
MST00 is executing the mstp compatible Multiple
Spanning Tree Protocol
Bridge Id
Priority
Address
32768
00:01:02:03:04:01
Max age is 20 sec, forward delay is 15
sec
Name
Role
State
Cost
Prio
Type
----
----
-----
----
----
-----
Gi0/1
Disabled
Forwarding
200000
128
SharedLan
Gi0/2
Designated Forwarding
200000
128
SharedLan
15. Execute the following show command to view that the STP and GVRP
protocol tunnel status is configured as ’tunnel’ in ICM1.
switch# show vlan port config port TwentyGigE 0/1/1
Switch default
Vlan Port configuration table
------------------------------Port Gi0/1
Port Vlan ID
: 1
150
Port Acceptable Frame Type
: Admit All
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
00:00:00:00:00:00
:
Port Restricted Vlan Registration
: Disabled
Port Restricted Group Registration
: Disabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
Dot1x Protocol Tunnel Status
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Tunnel
GVRP Protocol Tunnel Status
: Tunnel
GMRP Protocol Tunnel Status
: Peer
IGMP Protocol Tunnel Status
: Peer
----------------------------------------------------At Switch ICM2
switch# show spanning-tree
Switch default
Root Id
Priority
32768
Address
00:01:02:03:04:01
Cost
200000
Port
2 [Gi0/2]
Max age 20 Sec, forward delay 15 Sec
MST00
MST00 is executing the mstp compatible Multiple
Spanning Tree Protocol
Bridge Id
Priority
Address
----
00:02:02:03:04:01
Max age is 20 sec, forward delay is 15
sec
Name
32768
Role
----
State
-----
Cost
----
Prio
----
Type
-----
Gi0/1
Disabled
Gi0/2
Root
Forwarding
Forwarding
200000
200000
128
128
SharedLan
SharedLan
16. Execute the following show command to view that the STP and GVRP
protocol tunnel status is configured as ’tunnel’ in ICM2.
switch# show vlan port config port TwentyGigE 0/1/1
Switch default
Vlan Port configuration table
------------------------------Port Gi0/1
Port Vlan ID
: 1
Port Acceptable Frame Type
: Admit All
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
00:00:00:00:00:00
:
Port Restricted Vlan Registration
: Disabled
Port Restricted Group Registration
: Disabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
Dot1x Protocol Tunnel Status
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Tunnel
GVRP Protocol Tunnel Status
: Tunnel
GMRP Protocol Tunnel Status
: Peer
IGMP Protocol Tunnel Status
: Peer
----------------------------------------------------At Switch ICM3
17. Execute the following show command to verify that the Spanning tree has
settled in ICM3 by tunneling of STP packets.
switch# show spanning-tree
Switch default
Root Id
Priority
32768
Address
00:03:02:03:04:01
Cost
0
Port
0 [0]
152
This bridge is the root
Max age 20 Sec, forward delay 15 Sec
MST00
MST00 is executing the mstp compatible Multiple
Spanning Tree Protocol
Bridge Id
Priority
Address
sec
32768
00:03:02:03:04:01
Max age is 20 sec, forward delay is 15
Name
Role
State
Cost
Prio
Type
----
----
-----
----
----
------
Gi0/1
Designated
Forwarding
200000
128
SharedLan
Gi0/2
Designated
Forwarding
200000
128
SharedLan
18. Verify the VLAN learning happened properly in ICM3 using the following
command
switch# show vlan
VLAN database
------------VLAN ID
: 1
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: Gi0/1, Gi0/2
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------VLAN ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: Gi0/1
Forbidden Ports
: None
Name
:
Status
: Permanent
At Switch ICM4
19. Verify that the Spanning tree has settled in ICM4 by tunneling of STP
packets by executing the following command.
switch# show spanning-tree
Switch default
Root Id
Priority
32768
Address
00:03:02:03:04:01
Cost
200000
Port
2 [Gi0/2]
Max age 20 Sec, forward delay 15 Sec
MST00
MST00 is executing the mstp compatible Multiple
Spanning Tree Protocol
Bridge Id
Priority
Address
32768
00:04:02:03:04:01
Max age is 20 sec, forward delay is 15
sec
Name
Role
State
Cost
Prio
Type
----
----
-----
----
----
----
Gi0/1 Root
Forwarding
Gi0/2 Designated
200000
Forwarding
128
200000
SharedLan
128
SharedLan
20. Execute the following show command to verify whether VLAN learning
happened properly in ICM4.
switch# show vlan
VLAN database
------------VLAN ID
: 1
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: Gi0/1, Gi0/2
Forbidden Ports
: None
Name
:
Status
: Permanent
---------------------------------------------------VLAN ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: Gi0/1
Forbidden Ports
: None
Name
:
Status
: Permanent
Tunneling of Dot1x Protocol in Provider Bridges
Configuration Guidelines
1. Configure the bridge mode for all bridges as Customer Bridge.
2. Disable Dot1x where DOT1x tunneling in required.
3. Set the Dot1x tunneling for port connected to customer network.
154
4. Configure Dot1x authenticator and supplicant.
5. Configure S-VLAN.
Default Configurations
1. Refer section 0 for default configuration.
2. Dot1x is enabled in all bridges.
3. Supplicant authorizes the username and password by default as given
below:
 Username – guest
 Password – future
Configuration Steps
1. Refer Figure 6 for the topology setup.
2. Configure the Dot1x module status as disabled on both ICM1 and ICM2.
At Switch ICM1
switch#configure terminal
3. Disable Dot1x module status.
switch(config)# no dot1x system-auth-control
switch(config)#end
At Switch ICM2
switch#configure terminal
4. Disable Dot1x module status.
switch(config)# no dot1x system-auth-control
switch(config)#end
5. Configure the Dot1x tunnel status for port P1 as “tunnel” in both ICM1
and ICM2.
At Switch ICM1
switch#configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# l2protocol-tunnel dot1x
switch(config-if)#end
At Switch ICM2
switch#configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# l2protocol-tunnel dot1x
switch(config-if)#end
6. Create VLAN 2 with member ports as P1, P2 and untagged member port
as P1 on both ICM1 and ICM2. Configure PVID of the port P1 as VLAN 2
in both ICM1 and ICM2.
At Switch ICM1
switch#configure terminal
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)#exit
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 2
switch(config-if)#end
At Switch ICM2
switch#configure terminal
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)#exit
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 2
switch(config-if)#end
7. Configure the authenticator and supplicant in both ICM3 and ICM4.
At Switch ICM3
switch#configure terminal
switch(config)# dot1x local-database guest password future
permission allow
switch(config)#interface TwentyGigE 0/1/1
switch(config-if)# dot1x port-control auto
switch(config-if)#end
At Switch ICM4
switch#configure terminal
switch(config)# dot1x local-database guest password future
permission allow
switch(config)#interface TwentyGigE 0/1/1
switch(config-if)# dot1x port-control auto
switch(config-if)#end
8. Execute the following show commands to view the above configurations
in all the switches.
At Switch ICM1
View the Dot1x Module status (disabled) by executing the following
command:
switch# show dot1x
Sysauthcontrol
= Disabled
156
Module Oper Status
= Disabled
Dot1x Protocol Version
= 2
Dot1x Authentication Method
= Local
Nas ID
= fsNas1
9. View the Dot1x Tunnel Status configuration by executing the following
command:
switch# show vlan port config port TwentyGigE 0/1/1
Switch default
Vlan Port configuration table
------------------------------Port Gi0/1
Port Vlan ID
: 1
Port Acceptable Frame Type
: Admit All
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
00:00:00:00:00:00
:
Port Restricted Vlan Registration
: Disabled
Port Restricted Group Registration
: Disabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
Dot1x Protocol Tunnel Status
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Tunnel
GVRP Protocol Tunnel Status
: Tunnel
GMRP Protocol Tunnel Status
: Peer
IGMP Protocol Tunnel Status
: Peer
---------------------------------------------------At Switch ICM2
View the Dot1x Module status (disabled) by executing the following
command:
switch# show dot1x
Sysauthcontrol
= Disabled
Module Oper Status
= Disabled
Dot1x Protocol Version
= 2
Dot1x Authentication Method
= Local
Nas ID
= fsNas1
10. View the Dot1x Tunnel Status configuration by executing the following
command:
switch# show vlan port config port TwentyGigE 0/1/1
Switch default
Vlan Port configuration table
------------------------------Port Gi0/1
Port Vlan ID
: 1
Port Acceptable Frame Type
: Admit All
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
00:00:00:00:00:00
:
Port Restricted Vlan Registration
: Disabled
Port Restricted Group Registration
: Disabled
Mac Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
Dot1x Protocol Tunnel Status
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Tunnel
GVRP Protocol Tunnel Status
: Tunnel
GMRP Protocol Tunnel Status
: Peer
IGMP Protocol Tunnel Status
: Peer
-----------------------------------------------------At Switch ICM3
View the Dot1x local database by executing the following command:
switch# show dot1x local-database
Pnac Authentication Users Database
----------------------------------User name
: guest
Protocol
: 4
158
Timeout
Ports
Gi0/6
Gi0/12
Gi0/17, Gi0/18
Gi0/23, Gi0/24
Permission
: 0 seconds
Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5,
Gi0/7, Gi0/8, Gi0/9, Gi0/10, Gi0/11,
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
: Allow
View the port status (authorized) by executing the following command:
switch# show dot1x interface TwentyGigE 0/1/1
Dot1x Info for Gi0/1
--------------------PortStatus
= AUTHORIZED
AccessControl
= INACTIVE
AuthSM State
= AUTHENTICATED
SuppSM State
= AUTHENTICATED
BendSM State
= IDLE
AuthPortStatus
= AUTHORIZED
SuppPortStatus
= AUTHORIZED
AdminControlDirection = BOTH
OperControlDirection
= BOTH
MaxReq
= 2
Port Control
= Auto
QuietPeriod
= 60 Seconds
Re-authentication
= Disabled
ReAuthPeriod
= 3600 Seconds
ServerTimeout
= 30 Seconds
SuppTimeout
= 30 Seconds
Tx Period
= 30 Seconds
At Switch ICM4
View the dot1x local database by executing the following command:
switch# show dot1x local-database
Pnac Authentication Users Database
----------------------------------User name
: guest
Protocol
: 4
Timeout
Ports
Gi0/6
Gi0/12
Gi0/17, Gi0/18
Gi0/23, Gi0/24
Permission
: 0 seconds
Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5,
Gi0/7, Gi0/8, Gi0/9, Gi0/10, Gi0/11,
Gi0/13, Gi0/14, Gi0/15, Gi0/16,
Gi0/19, Gi0/20, Gi0/21, Gi0/22,
: Allow
11. View the port status (as authorized) by executing the following command:
switch# show dot1x interface TwentyGigE 0/1/1
Dot1x Info for Gi0/1
--------------------PortStatus
= AUTHORIZED
AccessControl
= INACTIVE
AuthSM State
= AUTHENTICATED
SuppSM State
= AUTHENTICATED
BendSM State
= IDLE
AuthPortStatus
= AUTHORIZED
SuppPortStatus
= AUTHORIZED
AdminControlDirection = BOTH
OperControlDirection
= BOTH
MaxReq
= 2
Port Control
= Auto
QuietPeriod
= 60 Seconds
Re-authentication
= Disabled
ReAuthPeriod
= 3600 Seconds
ServerTimeout
= 30 Seconds
SuppTimeout
= 30 Seconds
Tx Period
= 30 Seconds
Tunneling of EOAM Protocol in Provider Bridges
This section describes the tunneling of EOAM control packets at Provider
Edge bridges present in the provider network.
Configuration Guidelines
1. Configure the bridge mode as Customer Bridge for ICM3 and ICM4.
160
2. Configure the bridge mode as Customer Edge Bridge for ICM1 and ICM2.
3. Enable the EOAM tunneling for port connected to customer network.
4. Configure S-VLAN.
Default Configurations
1. Refer section 0 for default configuration.
2. EOAM is not enabled in any bridges.
Configuration Steps
1. Refer Figure 6 for the topology setup.
2. Configure the EOAM tunnel status for port P1 as “tunnel” in both ICM1
and ICM2.
At Switch ICM1
switch#configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# l2protocol-tunnel eoam
switch(config-if)#end
At Switch ICM2
switch#configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# l2protocol-tunnel eoam
switch(config-if)#end
3. Create VLAN 2 with member ports as P1, P2 and untagged member port
as P1 on both ICM1 and ICM2. Configure PVID of the port P1 as VLAN 2
in both ICM1 and ICM2.
At Switch ICM1
switch#configure terminal
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)#exit
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 2
switch(config-if)#end
At Switch ICM2
switch#configure terminal
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)#exit
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)#switchport pvid 2
switch(config-if)#end
4. Enable EOAM in both ICM3 and ICM4.
At Switch ICM3
switch#configure terminal
switch(config)# no shutdown ethernet-oam
switch(config)# set ethernet-oam enable
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# ethernet-oam enable
switch(config-if)# ethernet-oam mode active
switch(config-if)# ethernet-oam remote-loopback permit
switch(config-if)#end
At Switch ICM4
switch#configure terminal
switch(config)# no shutdown ethernet-oam
switch(config)# set ethernet-oam enable
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# ethernet-oam enable
switch(config-if)# ethernet-oam mode active
switch(config-if)# ethernet-oam remote-loopback enable
switch(config-if)#end
5. View the EOAM port status by executing the following command:
At Switch ICM3
switch# show port ethernet-oam TwentyGigE 0/1/1
Port
State
Mode
Status
LinkMonitor ConfigRev MaxPdu
------- -------- ------- ------------------- ---------- --------- -----Gi0/1
3
enable
1518
active
L-Loopback
Port
Remote
Link
UniDir
Loopback Event
enable
Variable
retrieval
------- -------- ------- ------- --------Gi0/1
permit
enable
disable enable
Port
ErrSymbol Period
ErrSymbol Period
Window
Threshold
162
(millions)
Count
------- -------------------- -------------------Gi0/1
625
1
Port
ErrFrame Period
ErrFrame Period
Window
Threshold
Count
------- ---------------- ---------------Gi0/1
10000000
1
Port
Errored Frame
Errored Frame
Window
Threshold
(100 msec)
Count
------- ---------------- ---------------Gi0/1
10
1
Port
ErrFrameSec Summary ErrFrameSec Summary
Window
Threshold
(100 msec)
Count
------- ------------------- ------------------Gi0/1
100
1
6. At Switch ICM4
switch# show vlan port config port TwentyGigE 0/1/1
switch# show port ethernet-oam
Port
State
Mode
Status
LinkMonitor ConfigRev MaxPdu
------- -------- ------- ------------------- ---------- --------- -----Gi0/1
2
enable
1518
active
R-Loopback
Port
Remote
Link
UniDir
Loopback Event
enable
Variable
retrieval
------- -------- ------- ------- --------Gi0/1
deny
enable
disable enable
Port
ErrSymbol Period
ErrSymbol Period
Window
Threshold
(millions)
Count
------- -------------------- -------------------Gi0/1
625
1
Port
ErrFrame Period
ErrFrame Period
Window
Threshold
Count
------- ---------------- ---------------Gi0/1
10000000
1
Port
Errored Frame
Errored Frame
Window
Threshold
(100 msec)
Count
------- ---------------- ---------------Gi0/1
10
1
Port
ErrFrameSec Summary ErrFrameSec Summary
Window
Threshold
(100 msec)
Count
------- ------------------- ------------------Gi0/1
100
1
7. View the Dot1x Tunnel Status by executing the following command:
At Switch ICM1
switch# show l2protocol-tunnel summary
Switch default
COS for Encapsulated Packet : 7
Port
Protocol
----
--------
Status
------
Gi0/1
STP
up
Gi0/1
GVRP
up
Gi0/1
GMRP
up
Gi0/1
MVRP
up
Gi0/1
MMRP
up
Gi0/1
IGMP
up
164
Gi0/1
EOAM
Gi0/2
STP
Gi0/2
GVRP
up
up
up
Gi0/2
GMRP
up
Gi0/2
MVRP
up
At Switch ICM2
switch# show l2protocol-tunnel summary
Switch default
COS for Encapsulated Packet : 7
Port
Protocol
Status
----
--------
------
Gi0/1
Dot1x
Gi0/1
IGMP
up
Gi0/1
EOAM
up
STP
up
Gi0/2
up
Gi0/2
GVRP
up
Gi0/2
GMRP
up
Gi0/2
MVRP
up
Interoperability between 1AD Bridge and Q-in-Q Bridge
Configuration Guidelines
1. Configuring bridge modes.
2. Configuring the port type of the port that is connected to a Q-in-Q bridge
as Proprietary Provider Network Port.
3. Configuring the S-VLAN.
Default Configurations
1. Refer section 0 for default configuration.
2. All ports are configured as “Provider Network Ports” by default.
Configuration steps
1. Refer Figure 6 for topology setup.
2. ”Configure port P1 of PB1 and PB2 as “Proprietary Provider Network
Port”.
At switch PB1
switch#configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# bridge port-type propProviderNetworkPort
switch(config-if)# end
At switch PB2
switch#configure terminal
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# bridge port-type propProviderNetworkPort
switch(config-if)# end
3. Configure VLAN 2 with member ports as P1 and untagged member ports
as P1 in CB1 and CB2. Also configure the PVID of port P2 as VLAN 2.
At Switch CB1
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)# exit
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# switchport pvid 2
switch(config-if)# end
At Switch CB2
switch(config)# vlan 2
switch(config-vlan)# ports TwentyGigE 0/1/1,0/2 untagged
TwentyGigE 0/1/1
switch(config-vlan)# exit
switch(config)# interface TwentyGigE 0/1/1
switch(config-if)# switchport pvid 2
switch(config-if)# end
4. Verify the topology convergence in CB1 and CB2, and VLAN
membership propagation in PB1 and PB2.
At Switch CB1
switch# show spanning-tree
Root Id
Priority
32768
Address
00:01:02:03:04:01
Cost
200000
Port
1 [Gi0/1]
Max age 20 Sec, forward delay 15 Sec
MST00
166
MST00 is executing the mstp compatible Multiple
Spanning Tree Protocol
Bridge Id
Priority
Address
32768
00:03:02:03:04:01
Max age is 20 sec, forward delay is 15
sec
Name
Role
State
Cost
Prio
Type
----
----
-----
----
----
----
Gi0/1 Root
Forwarding
Gi0/2 Designated
200000
Forwarding
128
200000
SharedLan
128
SharedLan
At Switch CB2
switch# show spanning-tree
Root Id
Priority
32768
Address
00:01:02:03:04:01
Cost
400000
Port
1 [Gi0/1]
Max age 20 Sec, forward delay 15 Sec
MST00
MST00 is executing the mstp compatible Multiple
Spanning Tree Protocol
Bridge Id
Priority
Address
32768
00:04:02:03:04:01
Max age is 20 sec, forward delay is 15
sec
Name
Role
State
Cost
Prio
Type
----
----
-----
----
----
-----
Gi0/1
Root
Forwarding
200000
128
SharedLan
Gi0/2 Designated Forwarding 200000
128
SharedLan
At Switch PB1
switch# show vlan brief
Vlan database
------------Vlan ID
: 1
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
ServiceType
: E-LAN
MacLearning Status
: Enabled
---------------------------------------------------Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Dynamic Gvrp
ServiceType
: E-LAN
MacLearning Status
: Enabled
At Switch PB2
switch# show vlan brief
Vlan database
------------Vlan ID
: 1
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Permanent
ServiceType
: E-LAN
MacLearning Status
: Enabled
---------------------------------------------------Vlan ID
: 2
Member Ports
: Gi0/1, Gi0/2
Untagged Ports
: None
Forbidden Ports
: None
Name
:
Status
: Dynamic Gvrp
ServiceType
: E-LAN
MacLearning Status
: Enabled
168
Configuring Port Unicast Mac Status and Mac Limit
PB1
P1
P1
P2
P1
HB
HA
Figure 7: Topology 3
Configuration Guidelines
1. Configuration of bridge modes.
2. Configuration of Unicast Mac status and Unicast Mac limit.
3. Configuration of S-VLAN.
Default Configurations
1. Refer section 0 for default configuration.
2. All ports are configured as “Provider Network Ports” by default.
Configuration Steps
1. Refer Figure 6 for the topology setup.
2. Configure the Unicast Mac status as “disabled” for port P1 of PB1.
switch#configure terminal
switch(config)# interface TwentyGigE 0/1/1
3. Disable the Unicast Mac Learning status.
switch(config-if)# switchport unicast-mac learning disable
switch(config)#end
4. Send five unicast packets of different sources from P1 of HA to P1 of
PB1.
5. Verify that the Mac address is not learnt on the port P1 using the
following command:
At Switch PB1
switch#show mac-address-table
VLAN
Mac Address
Type
Ports
----
-----------
----
-----
Total Mac Addresses displayed: 0
6. Configure the Unicast Mac Learning status as enabled for port P1 of PB1.
Also configure the Unicast Mac Limit for port P1 as 5.
At Switch PB1
switch#configure terminal
switch(config)# interface TwentyGigE 0/1/1
7. Enable the Unicast Mac Learning status for port P1
switch(config-if)# switchport unicast-mac learning enable
8. Enable the Unicast Mac Learning Limit as 5 for port P1
switch(config-if)# switchport unicast-mac learning limit 5
switch(config-if)# end
9. Send 10 unicast packets of different sources from P1 of HA to P1 of PB1.
At Switch PB1
switch# show mac-address-table
Vlan
Mac Address
Type
Ports
----
-----------
----
-----
1
00:11:22:33:44:0a
Learnt
Gi0/1
1
00:11:22:33:44:1a
Learnt
Gi0/1
1
00:11:22:33:44:2a
Learnt
Gi0/1
1
00:11:22:33:44:3a
Learnt
Gi0/1
1
00:11:22:33:44:4a
Learnt
Gi0/1
10. The status of the Unicast Mac Learning status and Mac Limit are viewed
using the following command:
switch# show provider-bridge port config port TwentyGigE 0/1/1
Provider Bridge Port configuration table
----------------------------------------Port Gi0/1
Port Type
Network Port
: Provider
Service VLAN Classification
: PVID
Ingress EtherType
: 0x88a8
Egress EtherType
: 0x88a8
EtherType Swap Status
: Disable
Service VLAN Translation Status
: Enable
Require Drop Encoding
: False
Use_Dei
: False
PCP Selection Row
: 8P0D
Unicast Mac Learning Status
: Enable
Unicast Mac Learning Limit
: 5
----------------------------------------------------
170
Configuring VLAN Unicast Mac Status and Mac Limit
Configuration Guidelines
1. Configuration of bridge modes.
2. Configuration of Multicast Mac status and Multicast Mac limit.
3. Configuration of S-VLAN.
Default Configurations
1. Refer section 0 for default configuration.
2. All ports are ”Provider Network Ports” by default.
Configuration Steps
1. Refer Figure 6 for the topology setup.
2. Configure the Unicast Mac status as “disabled” for VLAN 2 of PB1.
switch#configure terminal
switch(config)# vlan 2
3. Disable the Unicast Mac Learning status for VLAN 2
switch(config-vlan)# set unicast-mac learning enable
switch(config-vlan)#end
4. Send five unicast packets of different sources from P1 of HA to P1 of
PB1.
5. Verify that the Mac address is not learnt on the port P1 using the
following command:
At Switch PB1
switch#show mac-address-table
Vlan
Mac Address
Type
Ports
----
-----------
----
-----
Total Mac Addresses displayed: 0
6. Configure the Unicast Mac Learning status as enabled for VLAN 2 of PB1
and also configure the Unicast Mac Limit for VLAN 2 as 5.
At Switch PB1
switch#configure terminal
switch(config)# vlan 2
7. Enable the Unicast Mac Learning status for VLAN 2.
switch(config-vlan)# set unicast-mac learning enable
8. Enable the Unicast Mac Learning limit as 5 for port P1.
switch(config-vlan)# vlan unicast-mac learning limit 5
switch(config-vlan)# end
9. Send 10 unicast packets of different sources from P1 of HA to P1 of PB1.
At Switch PB1
switch# show mac-address-table
Vlan
Mac Address
Type
Ports
----
-----------
----
-----
2
00:11:22:33:44:0a
Learnt
Gi0/1
2
00:11:22:33:44:1a
Learnt
Gi0/1
2
00:11:22:33:44:2a
Learnt
Gi0/1
2
00:11:22:33:44:3a
Learnt
Gi0/1
2
00:11:22:33:44:4a
Learnt
Gi0/1
10. The status of the Unicast Mac Learning status and Mac limit are viewed
using the following command:
switch# show vlan learning params
VLAN Id
: 1
Mac Learning Status : Enable
Mac Learning Limit
: 150
------------------------------------Vlan Id
: 2
Mac Learning Status : Enable
Mac Learning Limit
: 5
172
Appendix: Additional Information
A.1 Customer Controlled Provider Bridges
Provider Bridges placed in the customer network are termed as Customer
Controlled Provider Bridges. This provides the customer to choose the
services in the customer premises than requesting the provider for services.
The Customer Controlled Provider Edge Bridge provides C-Tagged service
interfaces within the customer’s own network. These Customer Controlled
Provider Bridges are connected to the Provider Controlled Bridges through
CNP S-Tagged interfaces. The communication between the Customer
Controlled Provider Bridge and the Connecting Provider Bridge is through SVLAN tag.
A.2 Proprietary Provider Network Port
Proprietary Provider Network Port is mainly used to interop with the Q-in-Q
bridges in the provider network. PPNP is always connected to a Q-in-Q
bridge in the provider network; else it is considered as misconfiguration.
The Ingress ether type of PPNP is always 0x8100. Packets received with CTag (0x8100) are treated as S-Tag packets and are processed. The packet
that has to be transmitted on this port with S-Tag has ether type as 0x8100.
On PPNP, the Provider Spanning Tree protocol and Provider GVRP protocol
transmits the control packets with destination address as defined for
customer bridges. In case of transmitting the tunneled Customer STP and
GVRP packets, the destination Mac address is changed as per the
administrator configuration.
Support and other resources
Accessing Hewlett Packard Enterprise Support

For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website
(http://www.hpe.com/assistance).

To access documentation and support services, go to the Hewlett Packard Enterprise Support Center
website (http://www.hpe.com/support/hpesc).
Information to collect

Technical support registration number (if applicable)

Product name, model or version, and serial number

Operating system name and version

Firmware version

Error messages

Product-specific reports and logs

Add-on products or components

Third-party products or components
Accessing updates

Some software products provide a mechanism for accessing software updates through the product
interface. Review your product documentation to identify the recommended software update method.

To download product updates, go to either of the following:
o Hewlett Packard Enterprise Support Center Get connected with updates page
(http://www.hpe.com/support/e-updates)
o Software Depot website (http://www.hpe.com/support/softwaredepot)

To view and update your entitlements, and to link your contracts and warranties with your profile, go
to the Hewlett Packard Enterprise Support Center More Information on Access to Support Materials
page (http://www.hpe.com/support/AccessToSupportMaterials).
IMPORTANT: Access to some updates might require product entitlement when accessed through the
Hewlett Packard Enterprise Support Center. You must have an HP Passport set up with relevant
entitlements.
Websites
Hewlett Packard Enterprise Information Library (http://www.hpe.com/info/enterprise/docs)
Hewlett Packard Enterprise Support Center (http://www.hpe.com/support/hpesc)
Contact Hewlett Packard Enterprise Worldwide (http://www.hpe.com/assistance)
Subscription Service/Support Alerts (http://www.hpe.com/support/e-updates)
174
Software Depot (http://www.hpe.com/support/softwaredepot)
Customer Self Repair (http://www.hpe.com/support/selfrepair)
Insight Remote Support (http://www.hpe.com/info/insightremotesupport/docs)
Serviceguard Solutions for HP-UX (http://www.hpe.com/info/hpux-serviceguard-docs)
Single Point of Connectivity Knowledge (SPOCK) Storage compatibility matrix
(http://www.hpe.com/storage/spock)
Storage white papers and analyst reports (http://www.hpe.com/storage/whitepapers)
Remote support
Remote support is available with supported devices as part of your warranty or contractual support
agreement. It provides intelligent event diagnosis, and automatic, secure submission of hardware event
notifications to Hewlett Packard Enterprise, which will initiate a fast and accurate resolution based on your
product’s service level. Hewlett Packard Enterprise strongly recommends that you register your device for
remote support.
For more information and device support details, go to the Insight Remote Support website
(http://www.hpe.com/info/insightremotesupport/docs).
Documentation feedback
Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us
improve the documentation, send any errors, suggestions, or comments to Documentation Feedback
(mailto:docsfeedback@hpe.com). When submitting your feedback, include the document title, part
number, edition, and publication date located on the front cover of the document. For online help content,
include the product name, product version, help edition, and publication date located on the legal notices
page.
176
Download PDF
Similar pages