advertisement
HP FlexFabric 7900 Switch Series
Layer 2—LAN Switching
Configuration Guide
Part number: 5998-6182
Software version: Release 2117 and Release 2118
Document version: 6W100-20140805
Legal and notice information
© Copyright 2014 Hewlett-Packard Development Company, L.P.
No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice.
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS
MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Contents
i
ii
iii
iv
v
Configuring Ethernet interfaces
The switch series supports Ethernet interfaces, management Ethernet interfaces, and Console interfaces.
For the interface types and the number of interfaces supported by a switch model, see the installation guide.
This document describes how to configure management Ethernet interfaces and Ethernet interfaces.
Configuring a management Ethernet interface
A management interface uses an RJ-45 connector. You can connect the interface to a PC for software loading and system debugging.
To configure a management Ethernet interface:
Step Command
1. Enter system view.
2. Enter management
Ethernet interface view.
3. (Optional.) Set the interface description.
4. (Optional.) Shut down the interface. system-view interface M-GigabitEthernet
interface-number description text shutdown
Remarks
N/A
N/A
The default setting is
M-GigabitEthernet0/0/0 Interface.
By default, the management Ethernet interface is up.
Ethernet interface naming conventions
For a switch in an IRF fabric, its Ethernet interfaces are numbered in the format of interface type
A/B/C/D; for a switch not in any IRF fabric, its Ethernet interfaces are numbered in the format of interface type B/C/D, where the following definitions apply:
•
A—Number of the switch in an IRF fabric.
•
B—Slot number of the card in the switch.
• C—Sub-slot number on a card.
•
D—Number of an interface on a card.
Configuring common Ethernet interface settings
This section describes the settings common to Layer 2 Ethernet interfaces and Layer 3 Ethernet interfaces/subinterfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command. For more information, see "
Configuring the link mode of an Ethernet interface ." For
more information about the settings specific to Layer 2 Ethernet interfaces, see "
1
Splitting a 40-GE interface and combining 10-GE breakout interfaces
Splitting a 40-GE interface into four 10-GE breakout interfaces
You can use a 40-GE interface as a single interface. To improve port density, reduce costs, and improve network flexibility, you can also split a 40-GE interface into four 10-GE breakout interfaces.
For example, you can split a 40-GE interface FortyGigE 1/0/16 into four 10-GE breakout interfaces
Ten-GigabitEthernet 1/0/16:1 through Ten-GigabitEthernet 1/0/16:4.
To split a 40-GE interface into four 10-GE breakout interfaces:
Step
1. Enter system view.
2. Enter 40-GE interface view.
Command system-view interface interface-type
interface-number
Remarks
N/A
N/A
3. Split the 40-GE interface into four 10-GE breakout interfaces. using tengige
By default, a 40-GE interface is not split and operates as a single interface.
•
The 10-GE breakout interfaces split from a 40-GE interface support the same configuration and attributes as common 10-GE interfaces, except that they are numbered differently.
•
A 40-GE interface split into four
10-GE breakout interfaces must use a dedicated 1-to-4 cable or a
1-to-4 fiber and transceiver modules.
4. Reboot the card that houses the interface.
N/A
After creating the four 10-GE breakout interfaces, the system removes the 40-GE interface.
Combining four 10-GE breakout interfaces into a 40-GE interface
If you need higher bandwidth, you can combine the four 10-GE breakout interfaces into a 40-GE interface.
To combine four 10-GE breakout interfaces into a 40-GE interface:
Step
1. Enter system view.
2. Enter the view of any 10-GE breakout interface split from a
40-GE interface.
Command system-view interface interface-type
interface-number
Remarks
N/A
N/A
2
Step
3. Combine the four 10-GE breakout interfaces into a
40-GE interface.
4. Reboot the card that houses the interface.
Command using fortygige
N/A
Remarks
By default, a 40-GE interface is not split and operates as a single interface.
After you combine the four 10-GE breakout interfaces, use a dedicated 1-to-1 cable or a 40-GE transceiver module and fiber.
After creating the 40-GE interface, the system removes the four 10-GE breakout interfaces.
Configuring basic settings of an Ethernet interface or Layer 3
Ethernet subinterface
Configuring an Ethernet interface
You can set an Ethernet interface to operate in one of the following duplex modes:
• Full-duplex mode (full)—Interfaces can send and receive packets simultaneously.
• Half-duplex mode (half)—Interfaces cannot send and receive packets simultaneously.
•
Autonegotiation mode (auto)—Interfaces negotiate a duplex mode with their peers.
You can set the speed of an Ethernet interface or enable it to automatically negotiate a speed with its peer.
To configure an Ethernet interface:
1.
2. Enter Ethernet interface
3.
4.
5.
Enter system view. view.
Set the interface description.
Set the duplex mode of the Ethernet interface.
Set the port speed.
6. Configure the expected bandwidth of the interface. system-view interface interface-type
interface-number
N/A
N/A description text duplex { auto | full } speed { 1000 | 10000 | 40000
| auto } bandwidth bandwidth-value
The default setting is in the format of
interface-name Interface. For example,
FortyGigE1/0/1 Interface.
The default setting is auto for Ethernet interfaces.
The default setting is auto for Ethernet interfaces.
Support for the keywords varies with interface types. For more information, see
Layer 2—LAN Switching Command
Reference.
By default, the expected bandwidth (in kbps) is the interface baud rate divided by
1000.
3
7. Restore the default settings for the Ethernet interface.
8. Bring up the Ethernet interface. default undo shutdown
Configuring a Layer 3 Ethernet subinterface
N/A
By default, Ethernet interfaces are in up state.
Each of the Layer 3 interfaces and subinterfaces use one VLAN interface resource. Use the reserve-vlan-interface command to reserve VLAN interface resources for Layer 3 interfaces and subinterfaces before you create them. Otherwise, the Layer 3 interfaces and subinterfaces might not be created. For example, before creating four Layer 3 subinterfaces on a Layer 3 interface, you must reserve five VLAN interface resources by using the reserve-vlan-interface command.
VLAN interfaces cannot be created if their interface resources have been reserved. Select the VLAN interfaces of unused VLANs rather than used VLANs for resource reservation. To simplify management and configuration, HP recommends that you reserve VLAN interface resources as follows:
•
Bulk reserve resources of VLAN interfaces that are numbered in consecutive order.
• Reserve resources of VLAN interfaces whose VLAN IDs are in the range of 3000 to 3500 preferentially.
Before creating a Layer 3 Ethernet subinterface, do not reserve a resource for the VLAN interface whose interface number matches the subinterface number. After you reserve a VLAN interface resource, do not create a Layer 3 Ethernet subinterface whose subinterface number is the VLAN interface number. A Layer
3 Ethernet subinterface uses the VLAN interface resource in processing tagged packets whose VLAN ID matches the subinterface number.
After the software upgrades to support this feature, examine whether Layer 3 interfaces and subinterfaces exist when you create Layer 3 interfaces and subinterfaces for the first time.
•
If Layer 3 interfaces and subinterfaces exist, reserve VLAN interfaces resources for both the existing and new Layer 3 interfaces and subinterfaces.
•
If no Layer 3 interfaces or subinterfaces exist, reserve VLAN interfaces resources only for new Layer
3 interfaces and subinterfaces.
For more information about reserving VLAN interface resources, see "Configuring VLAN."
To configure a Layer 3 Ethernet subinterface:
Step Command Remarks
1. Enter system view.
2. Create an Ethernet subinterface and enter subinterface view. system-view interface interface-type
interface-number.subnumber
N/A
N/A
3. Set the description for the
Ethernet subinterface. description text
The default setting is interface-name
Interface. For example,
FortyGigE1/0/1.1 Interface.
4. Restore the default settings for the Ethernet subinterface. default N/A
4
Step Command Remarks
5. Set the expected bandwidth for the
Ethernet subinterface. bandwidth bandwidth-value
By default, the expected bandwidth
(in kbps) is the interface baud rate divided by 1000.
6. Bring up the Ethernet subinterface. undo shutdown
By default, Ethernet subinterfaces are in up state.
Configuring the link mode of an Ethernet interface
CAUTION:
After you change the link mode of an Ethernet interface, all commands (except the shutdown command) on the Ethernet interface are restored to their defaults in the new link mode.
Each of the Layer 3 interfaces and subinterfaces use one VLAN interface resource. Before configuring an
Ethernet interface to operate in route mode, use the reserve-vlan-interface command to reserve a VLAN interface resource for the interface. Otherwise, the operation might fail. For example, before configuring four Layer 2 interfaces to operate in route mode, you must reserve four VLAN interface resources by using the reserve-vlan-interface command.
VLAN interfaces cannot be created if their interface resources have been reserved. Select the VLAN interfaces of unused VLANs rather than used VLANs for resource reservation. To simplify management and configuration, HP recommends that you reserve VLAN interface resources as follows:
• Bulk reserve resources of VLAN interfaces that are numbered in consecutive order.
•
Reserve resources of VLAN interfaces whose VLAN IDs are in the range of 3000 to 3500 preferentially.
After the software upgrades to support this feature, examine whether Layer 3 interfaces and subinterfaces exist when you create Layer 3 interfaces and subinterfaces for the first time.
•
If Layer 3 interfaces and subinterfaces exist, reserve VLAN interfaces resources for both the existing and new Layer 3 interfaces and subinterfaces.
• If no Layer 3 interfaces or subinterfaces exist, reserve VLAN interfaces resources only for new Layer
3 interfaces and subinterfaces.
For more information about reserving VLAN interface resources, see "Configuring VLAN."
On the switch, Ethernet interfaces can operate either as Layer 2 or Layer 3 Ethernet interfaces (you can set the link mode to bridge or route).
To change the link mode of an Ethernet interface:
1. Enter system view. system-view
2. Enter Ethernet interface view. interface interface-type
3. Change the link mode of the
Ethernet interface. port link-mode { bridge | route }
N/A
N/A
By default, an Ethernet interface operates in bridge mode.
5
Configuring jumbo frame support
An Ethernet interface might receive some frames larger than the standard Ethernet frame size (called
"jumbo frames") during high-throughput data exchanges, such as file transfers. When the Ethernet interface is configured to deny jumbo frames, the Ethernet interface discards jumbo frames without further processing. When the Ethernet interface is configured with jumbo frame support, the Ethernet interface processes jumbo frames within the specified length.
To configure jumbo frame support in interface view:
1. Enter system view.
2. Enter Ethernet interface view. system-view interface interface-type
interface-number
N/A
N/A
3. Configure jumbo frame support. jumboframe enable [ value ]
By default, the device allows jumbo frames within 12288 bytes to pass through Ethernet interfaces.
If you set the value argument multiple times, the most recent configuration takes effect.
Configuring physical state change suppression on an Ethernet interface
The physical link state of an Ethernet interface is either up or down. Each time the physical link of a port goes up or comes down, the interface immediately reports the change to the CPU. The CPU then notifies the upper-layer protocol modules (such as routing and forwarding modules) of the change for guiding packet forwarding, and automatically generates traps and logs, informing the user to take corresponding actions.
To prevent frequent physical link flapping from affecting system performance, configure physical state change suppression to suppress the reporting of physical link state changes. The system reports physical layer changes only when the suppression interval expires.
To configure physical state change suppression on an Ethernet interface:
1. Enter system view.
2. Enter Ethernet interface view. system-view interface interface-type
interface-number
N/A
N/A
6
3. Set the link-down event suppression interval.
4. Set the link-up event suppression interval. link-delay delay-time link-delay [ msec ]
delay-time mode up
By default, each time the physical link of a port comes down, the interface immediately reports the change to the CPU.
When this command is configured:
•
The link-down event is not reported to the CPU until the interface is still down when the suppression interval (delay-time) expires.
•
The link-up event is immediately reported when the interface goes up.
By default, each time the physical link of a port goes up, the interface immediately reports the change to the CPU.
When this command is configured:
•
The link-up event is not reported to the CPU until the interface is still up when the suppression interval (delay-time) expires.
•
The link-down event is immediately reported.
5. Set the link-updown event suppression interval. link-delay [ msec ]
delay-time mode updown
By default, each time the physical link of a port goes up or comes down, the interface immediately reports the change to the CPU.
When this command is configured, the link-up or link-down event is not reported to the CPU until the interface is still up or down when the suppression interval (delay-time) expires.
The link-delay command and the link-delay mode command overwrite each other, and whichever is configured last takes effect.
Do not configure physical state change suppression on a port with MSTP enabled.
Configuring generic flow control on an Ethernet interface
To avoid packet drops on a link, you can enable generic flow control at both ends of the link. When traffic congestion occurs at the receiving end, the receiving end sends a flow control (Pause) frame to ask the sending end to suspend sending packets.
• With TxRx mode generic flow control enabled, an interface can both send and receive flow control frames. When congestion occurs, the interface sends a flow control frame to its peer. When the interface receives a flow control frame from the peer, it suspends sending packets.
• With Rx flow mode generic control enabled, an interface can receive flow control frames, but it cannot send flow control frames. When the interface receives a flow control frame from its peer, it suspends sending packets to the peer. When congestion occurs, the interface cannot send flow control frames to the peer.
be congested. To avoid packet loss, enable flow control on Port A and Port B.
7
Figure 1 Flow control on ports
When TxRx mode generic flow control is enabled on Port B and Rx mode generic flow control is enabled on Port A:
•
When Port C is congested, Switch B buffers the packet. When the buffered packets reach a specific size, Switch B learns that the traffic forwarded from Port B to Port C is too heavy and exceeds the forwarding capability of Port C. In this case, Port B with TxRx mode generic flow control enabled sends generic pause frames to Port A and tells Port A to suspend sending packets.
•
When Port A receives the generic pause frames, Port A suspends sending packets to Port B for a certain period, which is carried in the generic pause frames. Port B sends generic pause frames to
Port A until congestion is removed.
To handle unidirectional traffic congestion on a link, configure the flow-control receive enable command at one end and the flow-control command at the other end. To enable both ends of a link to handle traffic congestion, configure the flow-control command at both ends.
To enable generic flow control on an Ethernet interface:
1. Enter system view.
2. Enter Ethernet interface view.
3. Enable generic flow control. system-view interface interface-type
interface-number
•
Enable TxRx mode generic flow control: flow-control
•
Enable Rx mode generic flow control: flow-control receive enable
N/A
N/A
By default, generic flow control is disabled on an Ethernet interface.
Configuring PFC on an Ethernet interface
PFC performs flow control based on 802.1p priorities. With PFC enabled, an interface requires its peer to suspend sending packets with the specified 802.1p priorities when congestion occurs. By decreasing the transmission rate, PFC helps avoid packet loss.
You can enable PFC for the specified 802.1p priorities at the two ends of a link. When network congestion occurs, the local device checks the PFC status for the 802.1p priority carried in each arriving packet. The device processes the packet depending on the PFC status as follows:
•
If PFC is enabled for the 802.1p priority, the local device accepts the packet and sends a PFC pause frame to the peer. The peer stops sending packets carrying this 802.1p priority for an interval as specified in the PFC pause frame. This process is repeated until the congestion is removed.
•
If PFC is disabled for the 802.1p priority, the local port drops the packet.
To configure PFC on an Ethernet interface:
8
1. Enter system view. system-view
2. Enter Ethernet interface view. interface interface-type
3. Enable PFC on the interface through automatic negotiation or forcibly. priority-flow-control { auto | enable }
N/A
N/A
By default, PFC is disabled.
4. Enable PFC for specific
802.1p priorities. priority-flow-control no-drop dot1p dot1p-list
By default, PFC is disabled for all
802.1p priorities.
When you configure PFC, follow these guidelines:
•
To perform PFC on a network port of an IRF member device, configure PFC on both the network port and the IRF physical ports. For information about IRF, see IRF configuration Guide.
•
To ensure correct operations of IRF and other protocols, HP recommends not enabling PFC for
802.1p priorities 0, 6, and 7.
•
Perform the same PFC configuration on all ports that traffic travels through.
•
A port can receive PFC pause frames whether or not PFC is enabled on the port. However, only a port with PFC enabled can process PFC pause frames. To make PFC take effect, make sure PFC is enabled on both the local end and the peer end.
The relationship between the PFC function and the generic flow control function is shown in
Table 1 The relationship between the PFC function and the generic flow control function flow-control priority-flo w-control enable priority-flow-contr ol no-drop dot1p
Remarks
Unconfigurable Configured Configured
You cannot enable flow control by using the flow-control command on a port where PFC is enabled and PFC is enabled for the specified
802.1p priority values.
•
On a port configured with the flow-control command, you can enable PFC, but you cannot enable PFC for specific 802.1p priorities.
•
Enabling both generic flow control and PFC on a port disables the port from sending common or PFC pause frames to inform the peer of congestion conditions. However, the port can still handle common and PFC pause frames from the peer.
9
Configuring a Layer 2 Ethernet interface
Configuring storm suppression
You can use the storm suppression function to limit the size of a particular type of traffic (broadcast, multicast, or unknown unicast traffic) on an interface. When the broadcast, multicast, or unknown unicast traffic on the interface exceeds this threshold, the system discards packets until the traffic drops below this threshold.
Any of the storm-constrain, broadcast-suppression, multicast-suppression, and unicast-suppression commands can suppress storm on a port. The broadcast-suppression, multicast-suppression, and unicast-suppression commands suppress traffic in hardware, and have less impact on device performance than the storm-constrain command, which performs suppression in software.
Configuration guidelines
For the same type of traffic, do not configure the storm constrain command together with any of the broadcast-suppression, multicast-suppression, and unicast-suppression commands. Otherwise, the traffic suppression result is not determined. For more information about the storm-constrain command, see "
Configuring storm control on an Ethernet interface ."
Configuration procedure
To set storm suppression thresholds on one or multiple Ethernet interfaces:
1. Enter system view. system-view N/A
2. Enter Ethernet interface view. interface interface-type
3. Enable broadcast suppression and set the broadcast suppression threshold. broadcast-suppression { ratio | pps max-pps | kbps max-kbps }
4. Enable multicast suppression and set the multicast suppression threshold.
5. Enable unknown unicast suppression and set the unknown unicast suppression threshold. multicast-suppression { ratio | pps
max-pps | kbps max-kbps } unicast-suppression { ratio | pps
max-pps | kbps max-kbps }
N/A
By default, broadcast traffic is allowed to pass through an interface.
By default, multicast traffic is allowed to pass through an interface.
By default, unknown unicast traffic is allowed to pass through an interface.
Configuring storm control on an Ethernet interface
About storm control
Storm control compares broadcast, multicast, and unknown unicast traffic regularly with their respective traffic thresholds on an Ethernet interface. For each type of traffic, storm control provides a lower threshold and a higher threshold.
For management purposes, you can configure the interface to output threshold event traps and log messages when monitored traffic exceeds the upper threshold or falls below the lower threshold from the upper threshold.
10
Depending on your configuration, when a particular type of traffic exceeds its upper threshold, the interface does either of the following:
•
Blocks this type of traffic, while forwarding other types of traffic—Even though the interface does not forward the blocked traffic, it still counts the traffic. When the blocked traffic drops below the lower threshold, the port begins to forward the traffic.
•
Shuts down automatically—The interface shuts down automatically and stops forwarding any traffic. When the blocked traffic is detected dropping below the lower threshold, the port does not forward the traffic. To bring up the interface, use the undo shutdown command or disable the storm control function.
Any of the storm-constrain, broadcast-suppression, multicast-suppression, and unicast-suppression commands can suppress storm on a port. The broadcast-suppression, multicast-suppression, and unicast-suppression commands suppress traffic in hardware, and have less impact on device performance than the storm-constrain command, which performs suppression in software.
Storm control uses a complete polling cycle to collect traffic data, and analyzes the data in the next cycle.
An interface takes one to two polling intervals to take a storm control action.
Configuration guidelines
For the same type of traffic, do not configure the storm constrain command together with any of the broadcast-suppression, multicast-suppression, and unicast-suppression commands. Otherwise, the traffic suppression result is not determined. For more information about the broadcast-suppression,
multicast-suppression, and unicast-suppression commands, see " Configuring storm suppression ."
Configuration procedure
To configure storm control on an Ethernet interface:
Step Command
1. Enter system view. system-view
2. (Optional.) Set the traffic polling interval of the storm control module. storm-constrain interval seconds
Remarks
N/A
The default setting is 10 seconds.
For network stability, use the default or set a higher traffic polling interval (10 seconds).
3. Enter Ethernet interface view. interface interface-type
4. (Optional.) Enable storm control, and set the lower and upper thresholds for broadcast, multicast, or unknown unicast traffic. storm-constrain { broadcast | multicast | unicast } { pps | kbps | ratio } max-pps-values
min-pps-values
5. Set the control action to take when monitored traffic exceeds the upper threshold. storm-constrain control { block | shutdown }
N/A
By default, storm control is disabled.
By default, storm control is disabled.
6. (Optional.) Enable the interface to log storm control threshold events. storm-constrain enable log
By default, the interface outputs log messages when monitored traffic exceeds the upper threshold or falls below the lower threshold from the upper threshold.
11
Step Command
7. (Optional.) Enable the interface to send storm control threshold event traps. storm-constrain enable trap
Remarks
By default, the interface sends traps when monitored traffic exceeds the upper threshold or drops below the lower threshold from the upper threshold.
Displaying and maintaining an Ethernet interface
Execute display commands in any view and reset commands in user view.
Task Command
Display interface traffic statistics.
Display traffic rate statistics of interfaces in up state over the last sampling interval. display counters { inbound | outbound } interface [ interface-type
[ interface-number ] ] display counters rate { inbound | outbound } interface
[ interface-type [ interface-number ] ]
Display the operational and status information of the specified interface or all interfaces.
Display summary information about the specified interface or all interfaces.
Display information about dropped packets on the specified interface or all interfaces.
Display information about storm control on the specified interface or all interfaces.
Display the Ethernet module statistics.
Clear the interface statistics.
Clear the statistics of dropped packets on the specified interfaces.
Clear the Ethernet module statistics. display interface [ interface-type [ interface-number |
interface-number.subnumber ] ] display interface [ interface-type [ interface-number |
interface-number.subnumber ] ] brief [ description ] display packet-drop { interface [ interface-type
[ interface-number ] ] | summary } display storm-constrain [ broadcast | multicast | unicast ]
[ interface interface-type interface-number ] display ethernet statistics reset counters interface [ interface-type [ interface-number ] ] reset packet-drop interface [ interface-type [ interface-number ] ] reset ethernet statistics
12
Configuring loopback, null, and inloopback interfaces
This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface.
Configuring a loopback interface
A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down. Because of this benefit, loopback interfaces are widely used in the following scenarios:
•
Configuring a loopback interface address as the source address of the IP packets that the device generates—Because loopback interface addresses are stable unicast addresses, they are usually used as device identifications.
{
{
When you configure a rule on an authentication or security server to permit or deny packets that a device generates, you can simplify the rule by configuring it to permit or deny packets carrying the loopback interface address that identifies the device.
When you use a loopback interface address as the source address of IP packets, make sure the route from the loopback interface to the peer is reachable by performing routing configuration.
All data packets sent to the loopback interface are considered packets sent to the device itself, so the device does not forward these packets.
• Using a loopback interface in dynamic routing protocols—With no router ID configured for a dynamic routing protocol, the system selects the highest loopback interface IP address as the router
ID. In BGP, to avoid interruption of BGP sessions due to physical port failure, you can use a loopback interface as the source interface of BGP packets.
To configure a loopback interface:
Step Command
1. Enter system view. system-view
2. Create a loopback interface and enter loopback interface view. interface loopback
interface-number
Remarks
N/A
N/A
3. Set the interface description. description text
The default setting is interface name
Interface (for example, LoopBack1
Interface).
4. Configure the expected bandwidth of the loopback interface.
5. Restore the default settings for the loopback interface.
6. Bring up the loopback interface. bandwidth bandwidth-value default undo shutdown
By default, the expected bandwidth of a loopback interface is 0 kbps.
N/A
By default, a loopback interface is up.
13
Configuring a null interface
A null interface is a virtual interface and is always up, but you cannot use it to forward data packets or configure it with an IP address or link layer protocol. The null interface provides a simpler way to filter packets than ACL. You can filter undesired traffic by transmitting it to a null interface instead of applying an ACL. For example, if you specify a null interface as the next hop of a static route to a specific network segment, any packets routed to the network segment are dropped.
To configure a null interface:
Step Command
1. Enter system view. system-view
2. Enter null interface view. interface null 0
Remarks
N/A
Interface Null 0 is the default null interface on the device and cannot be manually created or removed.
Only one null interface, Null 0, is supported on the device. The null interface number is always 0.
The default setting is NULL0 Interface.
3. Set the interface description. description text
4. Restore the default settings for the null interface. default N/A
Configuring an inloopback interface
An inloopback interface is a virtual interface created by the system, which cannot be configured or deleted. The physical layer and link layer protocol states of an inloopback interface are always up. All
IP packets sent to an inloopback interface are considered packets sent to the device itself and are not forwarded.
Displaying and maintaining loopback, null, and inloopback interfaces
Execute display commands in any view and reset commands in user view.
Task Command
Display information about the specified or all loopback interfaces. display interface [ loopback ] [ brief [ down ] ] display interface [ loopback [ interface-number ] ] [ brief
[ description ] ] display interface [ null [ 0 ] ] [ brief [ description ] ] Display information about the null interface.
Display information about the inloopback interface.
Clear the statistics on the specified or all loopback interfaces.
Clear the statistics on the null interface. display interface [ inloopback [ 0 ] ] [ brief [ description ] ] reset counters interface loopback [ interface-number ] reset counters interface [ null [ 0 ] ]
14
Task Command
Clear the statistics on the inloopback interface. reset counters interface
15
Bulk configuring interfaces
You can enter interface range view to bulk configure multiple interfaces with the same feature instead of configuring them one by one. For example, you can execute the shutdown command in interface range view to shut down a range of interfaces.
If a command fails to take effect on the first interface in an interface range, the command does not take effect on all the other member interfaces. Failure to apply a command on a member interface except for the first interface does not affect the application of the command on the other member interfaces.
Configuration restrictions and guidelines
When you bulk configure interfaces in interface range view, follow these restrictions and guidelines:
•
In interface range view, only the commands supported by the first interface are available. The first interface is specified with the interface range command.
•
You cannot enter the view of some interfaces by using the interface interface-type interface-number command. Do not configure any of these interfaces as the first interface in the interface range.
•
Do not assign both an aggregate interface and any of its member interfaces to an interface range.
Some commands, after being executed on both an aggregate interface and its member interfaces, can break up the aggregation.
• No limit is set on the maximum number of interfaces in an interface range. The more interfaces in an interface range, the longer the command execution time.
•
The maximum number of interface range names is only limited by the system resources. To guarantee bulk interface configuration performance, HP recommends that you configure fewer than
1000 interface range names.
Configuration procedure
Step
1. Enter system view.
2. Enter interface range view.
Command system-view
• interface range { interface-type
interface-number [ to
interface-type
interface-number ] } &<1-5>
• interface range name name
[ interface { interface-type
interface-number [ to
interface-type
interface-number ] } &<1-5> ]
3. (Optional.) Display commands available for the first interface in the interface range.
Enter a question mark (?) at the interface range prompt.
Remarks
N/A
By using the interface range name command, you assign a name to an interface range and can specify this name rather than the interface range to enter the interface range view.
N/A
16
Step
4. Use available commands to configure the interfaces.
5. (Optional.) Verify the configuration.
Command
Available commands vary by interface. display this
Remarks
N/A
N/A
Displaying and maintaining bulk interface configuration
Execute display commands in any view.
Task Command
Display information about interface ranges configured through the interface range name command. display interface range [ name name ]
17
Configuring the MAC address table
Overview
An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame, it uses the destination MAC address of the frame to look for a match in the MAC address table.
• The device forwards the frame out of the outgoing interface in the matching entry if a match is found.
•
The device floods the frame to all interfaces in the VLAN of the frame if no match is found.
How a MAC address entry is created
The entries in the MAC address table include entries automatically learned by the device and entries manually added.
MAC address learning
The device can automatically populate its MAC address table by learning the source MAC addresses of incoming frames on each interface.
When a frame arrives at an interface (for example, port A), the device performs the following tasks:
1. Checks the source MAC address (for example, MAC-SOURCE) of the frame.
2. Looks up the source MAC address in the MAC address table.
{
{
The device updates the entry if an entry is found.
The device adds an entry for MAC-SOURCE and port A if no entry is found.
3. When the device receives a frame destined for MAC-SOURCE after learning this source MAC address, the device finds the MAC-SOURCE entry in the MAC address table and forwards the frame out of Port A.
The device performs the learning process each time it receives a frame with an unknown source MAC address until the MAC address table is fully populated.
Manually configuring MAC address entries
Dynamic MAC address learning does not distinguish between illegitimate and legitimate frames, which can invite security hazards. When Host A is connected to port A, a MAC address entry will be learned for the MAC address of Host A (for example, MAC A). When an illegal user sends frames with MAC A as the source MAC address to port B, the device performs the following tasks:
1. Learns a new MAC address entry with port B as the outgoing interface and overwrites the old entry for MAC A.
2. Forwards frames destined for MAC A out of port B to the illegal user.
As a result, the illegal user obtains the data of Host A. To improve the security for Host A, manually configure a static entry to bind Host A to port A. Then, the frames destined for Host A are always sent out of port A. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for
Host A.
18
Types of MAC address entries
A MAC address table can contain the following types of entries:
• Static entries—A static entry is manually added to forward frames with a specific destination MAC address out of the associated interface, and it never ages out. A static entry has higher priority than a dynamically learned one.
•
Dynamic entries—A dynamic entry can be manually configured or dynamically learned to forward frames with a specific destination MAC address out of the associated interface. A dynamic entry might age out. A manually configured dynamic entry has the same priority as a dynamically learned one.
•
Blackhole entries—A blackhole entry is manually configured and never ages out. A blackhole entry is configured for filtering out frames with a specific destination MAC address. For example, to block all frames destined for a specific user for security concerns, you can configure the MAC address of this user as a blackhole MAC address entry.
•
Multiport unicast entries—A Multiport unicast entry is manually added to send frames with a specific unicast destination MAC address out of multiple ports, and it never ages out. A multiport unicast entry has higher priority than a dynamically learned one.
A static, blackhole, or multiport unicast MAC address entry can overwrite a dynamic MAC address entry, but not vice versa.
Configuring the MAC address table configuration task list
The configuration tasks discussed in the following sections can be performed in any order.
This document covers only the configuration of unicast MAC address entries, including static, dynamic, blackhole, and multiport unicast MAC address entries. For information about configuring static multicast
MAC address entries, see IP Multicast Configuration Guide.
To configure the MAC address table, perform the following tasks:
Tasks at a glance
(Optional.) Configuring MAC address entries
•
Adding or modifying a static or dynamic MAC address entry globally
•
Adding or modifying a static or dynamic MAC address entry on an interface
•
Adding or modifying a blackhole MAC address entry
•
Adding or modifying a multiport unicast MAC address entry
(Optional.) Disabling MAC address learning
(Optional.) Configuring the aging timer for dynamic MAC address entries
(Optional.) Enabling MAC address synchronization
19
Configuring MAC address entries
Configuration guidelines
• You cannot add a dynamic MAC address entry if a learned entry already exists with a different outgoing interface for the MAC address.
•
The manually configured static, blackhole, and multiport unicast MAC address entries cannot survive a reboot if you do not save the configuration. The manually configured dynamic MAC address entries, however, are lost upon reboot whether or not you save the configuration.
A frame whose source MAC address matches different types of MAC address entries is differently processed.
Type Description
Static MAC address entry
•
Discards the frame received on a different interface from that in the entry.
•
Forwards the frame received on the same interface as that in the entry.
Multiport unicast MAC address entry
Dynamic MAC address entry
•
Learns the MAC address (for example, MAC A) of the frame, adds a dynamic
MAC address entry for MAC A, and forwards the frame.
•
Forwards the frames destined for MAC A based on the multiport unicast MAC address entry.
•
Learns the MAC address of the frame received on a different interface from that in the entry and overwrites the original entry.
•
Forwards the frame received on the same interface as that in the entry and updates the aging timer for the entry.
Adding or modifying a static or dynamic MAC address entry globally
Step Command
1. Enter system view. system-view
2. Add or modify a static or dynamic
MAC address entry. mac-address { dynamic | static } mac-address interface interface-type interface-number vlan
vlan-id
Remarks
N/A
By default, no MAC address entry is configured globally.
Make sure you have created the VLAN and assigned the interface to the VLAN.
Adding or modifying a static or dynamic MAC address entry on an interface
1. Enter system view.
N/A system-view
20
2. Enter interface view.
3. Add or modify a static or dynamic MAC address entry.
•
Enter Layer 2 Ethernet interface view: interface interface-type
interface-number
•
Enter Layer 2 aggregate interface view: interface bridge-aggregation
interface-number
N/A mac-address { dynamic | static }
mac-address vlan vlan-id
By default, no MAC address entry is configured on an interface.
Make sure you have created the
VLAN and assigned the interface to the VLAN.
Adding or modifying a blackhole MAC address entry
1. Enter system view.
2. Add or modify a blackhole
MAC address entry. system-view mac-address blackhole
mac-address vlan vlan-id
N/A
By default, no blackhole MAC address entry is configured.
Make sure you have created the
VLAN.
Adding or modifying a multiport unicast MAC address entry
You can configure a multiport unicast MAC address entry to associate a unicast destination MAC address with multiple ports, so that the frame with a destination MAC address matching the entry is forwarded out of multiple ports.
For example, in NLB unicast mode, all servers within the cluster uses the cluster's MAC address as their own address, and frames destined for the cluster are forwarded to every server. In this case, you can configure a multiport unicast MAC address entry on the device connected to the server group. Then, the device forwards the frame destined for the server group through all ports connected to the servers within the cluster.
21
Figure 2 NLB cluster
Device
NLB cluster
You can configure a multiport unicast MAC address entry globally or on an interface.
Configuring a multiport unicast MAC address entry globally
1. Enter system view.
2. Add or modify a multiport unicast MAC address entry. system-view mac-address multiport
mac-address interface interface-list vlan vlan-id
N/A
By default, no multiport unicast
MAC address entry is configured globally.
Make sure you have created the
VLAN and assigned the interface to the VLAN.
Do not configure an interface as the output interface of a multiport unicast MAC address entry if the interface receives frames destined for the multiport unicast MAC address. Otherwise, the frames are flooded in the VLAN to which they belong.
Configuring a multiport unicast MAC address entry on an interface
1. Enter system view.
2. Enter interface view. system-view
•
Enter Layer 2 Ethernet interface view: interface interface-type
interface-number
•
Enter Layer 2 aggregate interface view: interface bridge-aggregation
interface-number
N/A
N/A
22
3. Add the interface to a multiport unicast MAC address entry. mac-address multiport
mac-address vlan vlan-id
By default, no multiport unicast
MAC address entry is configured on an interface.
Make sure you have created the
VLAN and assigned the interface to the VLAN.
Do not configure an interface as the output interface of a multiport unicast MAC address entry if the interface receives frames destined for the multiport unicast MAC address. Otherwise, the frames are flooded in the VLAN to which they belong.
Disabling MAC address learning
MAC address learning is enabled by default. To prevent the MAC address table from being saturated when the device is experiencing attacks, disable MAC address learning. For example, you can disable
MAC address learning to prevent the device from being attacked by a large amount of frames with different source MAC addresses.
When MAC address learning is disabled, the learned dynamic MAC addresses remain valid until they age out.
Disabling global MAC address learning
1. Enter system view. system-view N/A
2. Disable global MAC address learning. undo mac-address mac-learning enable
By default, global MAC address learning is enabled.
Disabling global MAC address learning disables MAC address learning on all interfaces.
Disabling MAC address learning on interfaces
When global MAC address learning is enabled, you can disable MAC address learning on a single interface.
To disable MAC address learning on an interface:
1. Enter system view. system-view N/A
23
2. Enter interface view.
3. Disable MAC address learning on the interface.
•
Enter Layer 2 Ethernet interface view: interface interface-type
interface-number
•
Enter Layer 2 aggregate interface view: interface bridge-aggregation
interface-number
N/A undo mac-address mac-learning enable
By default, MAC address learning on the interface is enabled.
Configuring the aging timer for dynamic MAC address entries
For security and efficient use of table space, the MAC address table uses an aging timer for each dynamic MAC address entry. If a dynamic MAC address entry is not updated before the aging timer expires, the device deletes the entry. This aging mechanism ensures that the MAC address table can promptly update to accommodate latest network topology changes.
A stable network requires a longer aging interval, and an unstable network requires a shorter aging interval.
An aging interval that is too long might cause the MAC address table to retain outdated entries. As a result, the MAC address table resources might be exhausted, and the MAC address table might fail to update to accommodate the latest network changes.
An interval that is too short might result in removal of valid entries, which would cause unnecessary floods and possibly affect the device performance.
To reduce floods on a stable network, set a long aging timer or disable the timer to prevent dynamic entries from unnecessarily aging out. Reducing floods improves the network performance. Reducing flooding also improves the security because it reduces the chances for a data frame to reach unintended destinations.
To configure the aging timer for dynamic MAC address entries:
1. Enter system view.
2. Configure the aging timer for dynamic MAC address entries. system-view mac-address timer { aging seconds
| no-aging }
N/A
By default, the aging timer for dynamic MAC address entries is
300 seconds.
The no-aging keyword disables the aging timer.
24
Enabling MAC address synchronization
To avoid unnecessary floods and improve forwarding speed, make sure all cards have the same MAC address table. After you enable MAC address synchronization, each card advertises learned MAC address entries to other cards. (In standalone mode.)
To avoid unnecessary floods and improve forwarding speed, make sure all cards have the same MAC address table. After you enable MAC address synchronization, each card advertises learned MAC address entries to other cards of all member devices. (In IRF mode.)
As shown in
:
•
Device A and Device B form an IRF fabric enabled with MAC address synchronization.
• Device A and Device B connect to AP C and AP D, respectively.
When Client A associates with AP C, Device A learns a MAC address entry for Client A and advertises it to Device B.
Figure 3 MAC address tables of devices when Client A accesses AP C
When Client A roams to AP D, Device B learns a MAC address entry for Client A. Device B advertises
it to Device A to ensure service continuity for Client A, as shown in Figure 4
.
25
Figure 4 MAC address tables of devices when Client A roams to AP D
To enable MAC address synchronization:
Step Command
1. Enter system view. system-view
2. Enable MAC address synchronization. mac-address mac-roaming enable
Remarks
N/A
By default, MAC address synchronization is disabled.
Displaying and maintaining the MAC address table
Execute display commands in any view.
Task Command
Display MAC address table information. display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole | multiport ] [ vlan vlan-id ] [ count ] ]
Display the aging timer for dynamic
MAC address entries.
Display the system or interface MAC address learning state. display mac-address aging-time display mac-address mac-learning [ interface interface-type
interface-number ]
Display MAC address statistics. display mac-address statistics
26
MAC address table configuration example
Network requirements
On a network:
•
Host A at 000f-e235-dc71 is connected to interface FortyGigE 1/0/1 of Device and belongs to
VLAN 1.
• Host B at 000f-e235-abcd, which behaved suspiciously on the network, also belongs to VLAN 1.
Configure the MAC address table as follows:
•
To prevent MAC address spoofing, add a static entry for Host A in the MAC address table of
Device.
• To drop all frames destined for Host B, add a blackhole MAC address entry for the host.
•
Set the aging timer to 500 seconds for dynamic MAC address entries.
Configuration procedure
# Add a static MAC address entry for MAC address 000f-e235-dc71 on FortyGigE 1/0/1 that belongs to VLAN 1.
<Device> system-view
[Device] mac-address static 000f-e235-dc71 interface fortygige 1/0/1 vlan 1
# Add a blackhole MAC address entry for MAC address 000f-e235-abcd that belongs to VLAN 1.
[Device] mac-address blackhole 000f-e235-abcd vlan 1
# Set the aging timer to 500 seconds for dynamic MAC address entries.
[Device] mac-address timer aging 500
Verifying the configuration
# Display the static MAC address entries for interface FortyGigE 1/0/1.
[Device] display mac-address static interface fortygige 1/0/1
MAC Address VLAN ID State Port/NickName Aging
000f-e235-dc71 1 Static FGE1/0/1 N
# Display the blackhole MAC address entries.
[Device] display mac-address blackhole
MAC Address VLAN ID State Port/NickName Aging
000f-e235-abcd 1 Blackhole N/A N
# Display the aging time of dynamic MAC address entries.
[Device] display mac-address aging-time
MAC address aging time: 500s.
27
Configuring MAC Information
The MAC Information feature can generate syslog messages or SNMP notifications when MAC address entries are learned or deleted. You can use these messages to monitor users leaving or joining the network and analyze network traffic.
The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a queue. The device overwrites the oldest MAC address change written into the queue with the most recent
MAC address change when the following conditions exist:
•
The MAC change notification interval does not expire.
•
The queue has been exhausted.
To send a syslog message or SNMP notification immediately after it is created, set the queue length to zero.
The device does not write MAC address change information or send MAC address change messages for blackhole MAC addresses, static MAC addresses, multiport unicast MAC addresses, multicast MAC addresses, and local MAC addresses except for dynamic MAC addresses.
Enabling MAC Information
Step Command
1. Enter system view. system-view
2. Enable MAC Information globally. mac-address information enable
3. Enter Layer 2 Ethernet interface view. interface interface-type
interface-number
Remarks
N/A
By default, MAC Information is globally disabled.
N/A
4. Enable MAC Information on the interface. mac-address information enable
{ added | deleted }
By default, MAC Information is disabled on an interface.
Make sure you have enabled
MAC Information globally before you enable it on the interface.
Configuring the MAC Information mode
The following MAC Information modes are available for sending MAC address changes:
• Syslog—The device sends syslog messages to notify MAC address changes. In this mode, the device sends syslog messages to the information center, which then outputs them to the monitoring terminal. For more information about information center, see Network Management and
Monitoring Configuration Guide.
• Trap—The device sends SNMP notifications to notify MAC address changes. In this mode, the device sends SNMP notifications to the NMS. For more information about SNMP, see Network
Management and Monitoring Configuration Guide.
To configure the MAC Information mode:
28
Step Command
1. Enter system view. system-view
2. Configure the MAC
Information mode. mac-address information mode
{ syslog | trap }
Remarks
N/A
The default setting is trap.
Configuring the MAC change notification interval
To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the MAC change notification interval to a larger value.
To set the MAC change notification interval:
Step Command
1. Enter system view.
2. Set the MAC change notification interval. system-view mac-address information interval
interval-time
Remarks
N/A
The default setting is 1 second.
Configuring the MAC Information queue length
Step Command
1. Enter system view. system-view
2. Configure the MAC
Information queue length. mac-address information queue-length value
Remarks
N/A
The default setting is 50.
MAC Information configuration example
Network requirements
Enable MAC Information on interface FortyGigE 1/0/1 on Device in
to send MAC address changes in syslog messages to the log host, Host B, through interface FortyGigE 1/0/2.
29
Figure 5 Network diagram
Configuration restrictions and guidelines
When you edit the file /etc/syslog.conf, follow these restrictions and guidelines:
• Comments must be on a separate line and must begin with a pound sign (#).
• No redundant spaces are allowed after the file name.
•
The logging facility name and the severity level specified in the /etc/syslog.conf file must be the same as those configured on the device. Otherwise, the log information might not be output correctly to the log host. The logging facility name and the severity level are configured by using the info-center loghost and info-center source commands.
Configuration procedure
1. Configure Device to send syslog messages to Host B:
# Enable the information center.
<Device> system-view
[Device] info-center enable
# Specify the log host 192.168.1.2/24 and specify local4 as the logging facility.
[Device] info-center loghost 192.168.1.2 facility local4
# Disable log output to the log host.
[Device] info-center source default loghost deny
To avoid output of unnecessary information, disable all modules from outputting logs to the specified destination (loghost, in this example) before you configure an output rule.
# Configure an output rule to output to the log host MAC address logs that have a severity level of at least informational.
[Device] info-center source mac loghost level informational
2. Configure the log host, Host B:
Configure Solaris as follows. Configure other UNIX operating systems in the same way Solaris is configured. a. Log in to the log host as a root user. b. Create a subdirectory named Device in directory /var/log/, and then create file info.log in the
Device directory to save logs from Device.
30
# mkdir /var/log/Device
# touch /var/log/Device/info.log c. Edit the file syslog.conf in directory /etc/ and add the following contents:
# Device configuration messages local4.info /var/log/Device/info.log
In this configuration, local4 is the name of the logging facility that the log host uses to receive logs, and info is the informational level. The UNIX system records the log information that has a severity level of at least informational to the file /var/log/Device/info.log. d.
Display the process ID of syslogd, kill the syslogd process, and then restart syslogd using the –r option to make the new configuration take effect.
# ps -ae | grep syslogd
147
# kill -HUP 147
# syslogd -r &
Now, the device can output MAC address logs to the log host, which stores the logs to the specified file.
3. Enable MAC Information on Device:
# Enable MAC Information globally.
[Device] mac-address information enable
# Configure the MAC Information mode as syslog.
[Device] mac-address information mode syslog
# Enable MAC Information on interface FortyGigE 1/0/1 to enable the interface to record MAC address change information when the interface performs either of the following tasks:
{
{
Learns a new MAC address.
Deletes an existing MAC address.
[Device] interface fortygige 1/0/1
[Device-FortyGigE1/0/1] mac-address information enable added
[Device-FortyGigE1/0/1] mac-address information enable deleted
[Device-FortyGigE1/0/1] quit
# Set the MAC Information queue length to 100.
[Device] mac-address information queue-length 100
# Set the MAC change notification interval to 20 seconds.
[Device] mac-address information interval 20
31
Configuring Ethernet link aggregation
Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits:
•
Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.
• Improved link reliability. The member ports dynamically back up one another. When a member port fails, its traffic is automatically switched to other member ports.
, Device A and Device B are connected by three physical Ethernet links. These physical Ethernet links are combined into an aggregate link called link aggregation 1. The bandwidth of this aggregate link can be as high as the total bandwidth of the three physical Ethernet links. At the same time, the three Ethernet links back up one another. When a physical Ethernet link fails, the traffic previously carried on the failed link is switched to the other two links.
Figure 6 Ethernet link aggregation diagram
Basic concepts
Aggregation group, member port, and aggregate interface
Link bundling is implemented through interface bundling. An aggregation group is a group of Ethernet interfaces bundled together, which are called member ports of the aggregation group. For each aggregation group, a logical interface (called an aggregate interface), is created.
Aggregate interfaces include Layer 2 aggregate interfaces and Layer 3 aggregate interfaces. On a
Layer 3 aggregate interface, you can create subinterfaces.
When you create an aggregate interface, the device automatically creates an aggregation group of the same type and number as the aggregate interface. For example, when you create aggregate interface
1, aggregation group 1 is created.
You can assign Layer 2 Ethernet interfaces only to a Layer 2 aggregation group, and Layer 3 Ethernet interfaces only to a Layer 3 aggregation group.
The port rate of an aggregate interface equals the total rate of its Selected member ports. Its duplex mode is the same as that of the selected member ports. For more information about the states of member ports in an aggregation group, see "
Aggregation states of member ports in an aggregation group ."
Aggregation states of member ports in an aggregation group
A member port in an aggregation group can be in any of the following aggregation states:
• Selected—A Selected port can forward traffic.
32
• Unselected—An Unselected port cannot forward traffic.
•
Individual—An Individual port can forward traffic as a normal physical port. A port is placed in the
Individual state when the following conditions exist:
{
{
The corresponding aggregate interface is configured as an edge aggregate interface.
The port has not received LACPDUs from its peer port.
Operational key
When aggregating ports, the system automatically assigns each port an operational key based on port information, such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key.
In an aggregation group, all Selected ports are assigned the same operational key.
Configuration types
Every configuration setting on a port might affect its aggregation state. Port configurations include the following types:
• Attribute configurations—To become a Selected port, a member port must have the same attribute
configurations as the aggregate interface. Table 2
describes the attribute configurations.
Attribute configurations made on an aggregate interface are automatically synchronized to all member ports. These configurations are retained on the member ports even after the aggregate interface is removed.
Any attribute configuration change might affect the aggregation state of link aggregation member ports and running services. To make sure that you are aware of the risk, the system displays a warning message every time you attempt to change an attribute configuration setting on a member port.
Table 2 Attribute configurations
Feature
Port isolation
Considerations
Indicates whether the port has joined an isolation group, and the isolation group to which the port belongs.
VLAN
VLAN attribute configurations include:
•
Permitted VLAN IDs.
•
PVID.
•
Link type (trunk, hybrid, or access).
•
Operating mode (promiscuous, trunk promiscuous, host).
•
VLAN tagging mode.
For information about VLAN, see "
• Protocol configurations—As opposed to attribute configurations, protocol configurations do not affect the aggregation state of the member ports. MAC address learning and spanning tree settings are examples of protocol configurations.
NOTE:
The protocol configuration for a member port is effective only when the member port leaves the aggregation group.
33
Link aggregation modes
Link aggregation has dynamic and static modes:
• Static aggregation mode—Aggregation is stable. The aggregation state of the member ports are not affected by the peer ports.
•
Dynamic aggregation mode—The peering system automatically maintains the aggregation state of the member ports, thus reducing the workload of administrators.
An aggregation group in static mode is called a "static aggregation group" and an aggregation group in dynamic mode is called a "dynamic aggregation group."
Aggregating links in static mode
Choosing a reference port
When setting the aggregation state of the ports in an aggregation group, the system automatically picks a member port as the reference port. A Selected port must have the same operational key and attribute configurations as the reference port.
The system chooses a reference port from the member ports that are in up state with the same attribute configurations as the aggregate interface.
The candidate ports are sorted in the following order:
1. Highest port priority
2. Full duplex/high speed
3. Full duplex/low speed
4. Half duplex/high speed
5. Half duplex/low speed
The candidate port at the top is chosen as the reference port. If two ports have the same port priority, duplex mode, and speed, the original Selected port is chosen. If more than one such original Selected port exists, the one with the lower port number is chosen.
Setting the aggregation state of each member port
After a static aggregation group has reached the limit on Selected ports, any port that joins the group is placed in Unselected state to avoid traffic interruption on the existing Selected ports.
34
Figure 7 Setting the aggregation state of a member port in a static aggregation group
To configure the maximum number of Selected ports in a static aggregation group, see "
Setting the minimum and maximum numbers of Selected ports for an aggregation group ."
To ensure stable aggregation state and service continuity, do not change the operational key or attribute configurations on any member port. If you need to make this change, make sure you understand its impact on the live network. Any operational key or attribute configuration change might affect the aggregation state of link aggregation member ports and ongoing traffic.
Aggregating links in dynamic mode
LACP
Dynamic aggregation mode is implemented through IEEE 802.3ad Link Aggregation Control Protocol
(LACP).
LACP uses LACPDUs to exchange aggregation information between LACP-enabled devices.
Each member port in an LACP-enabled aggregation group exchanges information with its peer. When a member port receives an LACPDU, it compares the received information with information received on the
35
other member ports. In this way, the two systems reach an agreement on which ports are placed in
Selected state.
LACP functions
LACP offers basic LACP functions and extended LACP functions, as described in Table 3
.
Table 3 Basic and extended LACP functions
Category
Basic LACP functions
Description
Implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port priority, port number, and operational key.
Extended LACP functions
Implemented by extending the LACPDU with new TLV fields. This is how the LACP
MAD mechanism of the IRF feature is implemented. it can participate in LACP MAD as either an IRF member device or an intermediate device.
For more information about IRF and the LACP MAD mechanism, see IRF
Configuration Guide.
LACP priorities
LACP priorities include system LACP priority and port priority, as described in
. The smaller the priority value, the higher the priority.
Table 4 LACP priorities
Type Description
System LACP priority
Used by two peer devices (or systems) to determine which one is superior in link aggregation.
In dynamic link aggregation, the system that has higher system LACP priority sets the
Selected state of member ports on its side, after which the system that has lower priority sets port state accordingly.
Port priority
Determines the likelihood of a member port to be selected on a system. The higher port priority, the higher the likelihood of selection.
LACP timeout interval
The LACP timeout interval specifies how long a member port waits to receive LACPDUs from the peer port.
If a local member port fails to receive LACPDUs from the peer within the LACP timeout interval, the member port assumes that the peer port has failed.
The LACP timeout interval also determines the LACPDU sending rate of the peer. You can configure the
LACP timeout interval as the short timeout interval (3 seconds) or the long timeout interval (90 seconds).
If you configure the short timeout interval, the peer sends LACPDUs fast (one LACPDU per second); if you configure the long timeout interval, the peer sends LACPDUs slowly (one LACPDU every 30 seconds).
How dynamic link aggregation works
Choosing a reference port
The system chooses a reference port from the member ports that are in up state and have the same attribute configurations as the aggregate interface. A Selected port must have the same operational key and attribute configurations as the reference port.
36
The local system (the actor) and the remote system (the partner) negotiate a reference port by using the following workflow:
1. The systems compare their system IDs. (A system ID contains the system LACP priority and the system MAC address.) The lower the LACP priority, the smaller the system ID. If LACP priority values are the same, the two systems compare their MAC addresses. The lower the MAC address, the smaller the system ID.
2. The system with the smaller system ID chooses the port with the smallest port ID as the reference port. (A port ID contains a port priority and a port number.) The port with the lower priority value is chosen. If two ports have the same aggregation priority, the system compares their port numbers.
The port with the smaller port number and the same attribute configurations as the aggregate interface becomes the reference port.
Setting the aggregation state of each member port
After the reference port is chosen, the system with the lower system ID sets the state of each member port in the dynamic aggregation group on its side as shown in
.
37
Figure 8 Setting the state of a member port in a dynamic aggregation group
Meanwhile, the system with the higher system ID, being aware of the aggregation state changes on the remote system, sets the aggregation state of local member ports the same as their peer ports.
When you aggregate interfaces in dynamic mode, follow these guidelines:
•
•
A dynamic link aggregation group preferably sets full-duplex ports as the Selected ports, and will set one, and only one, half-duplex port as a Selected port when none of the full-duplex ports can be selected or only half-duplex ports exist in the group.
•
To ensure stable aggregation and service continuity, do not change the operational key or attribute configurations on any member port.
38
• In a dynamic aggregation group, when the aggregation state of a local port changes, the aggregation state of the peer port also changes.
•
A port that joins a dynamic aggregation group after the Selected port limit has been reached is placed in Selected state if it is more eligible to be selected than a current member port.
Edge aggregate interface
You can configure the aggregate interface connecting an LACP-enabled device to an LACP-enabled server as an edge aggregate interface. During the server reboot process, the device cannot receive
LACPDUs from the server (the peer system). This feature enables the aggregation member ports on the device to forward packets from the server during the server reboot process.
Without this feature, the member ports on the device are placed in the Unselected state, and the ports discard packets from the server during the server reboot process.
An edge aggregate interface takes effect only when it is configured on an aggregate interface corresponding to a dynamic aggregation group.
After the server reboot, the device can receive LACPDUs from the server. Then, link aggregation between the device and the server operates correctly.
Load sharing criteria for link aggregation groups
In a link aggregation group, traffic may be load-shared across the selected member ports based on a set of criteria, depending on your configuration.
You can choose one of the following criteria or any combination of the criteria for load sharing:
•
Per-flow load sharing—Classifies traffic flows and forwards packets of the same flow on the same link by the following criteria, or any combination:
{
Source or destination MAC address.
{
{
{
Source or destination port number.
Ingress port.
Source or destination IP address.
•
Packet type-based load sharing—Automatically chooses link-aggregation load sharing criteria based on packet types (Layer 2 or IPv4 for example).
Ethernet link aggregation configuration task list
Tasks at a glance
(Required.) Configuring an aggregation group:
•
Configuring a static aggregation group
•
Configuring a dynamic aggregation group
39
Tasks at a glance
(Optional.) Configuring an aggregate interface:
•
Configuring the description of an aggregate interface
•
Specifying ignored VLANs on a Layer 2 aggregate interface
•
Setting the minimum and maximum numbers of Selected ports for an aggregation group
•
Configuring the expected bandwidth of an aggregate interface
•
Configuring an edge aggregate interface
•
Shutting down an aggregate interface
•
Restoring the default settings for an aggregate interface
(Optional.) Configuring load balancing for link aggregation group:
•
Configuring load sharing criteria for link aggregation groups
•
Enabling local-first load sharing for link aggregation
Configuring an aggregation group
This section explains how to configure an aggregation group.
Configuration restrictions and guidelines
When you configure an aggregation group, follow these restrictions and guidelines:
• Deleting an aggregate interface also deletes its aggregation group and causes all member ports to leave the aggregation group.
•
You must configure the same aggregation mode on the two ends of an aggregate link.
•
Before creating a Layer 3 aggregate interface or subinterface, use the reserve-vlan-interface command to reserve enough VLAN interface resources. If not enough VLAN interface resources are reserved, the system fails to create the Layer 3 aggregate interface or subinterface.
Before creating a Layer 3 aggregate interface, reserve a VLAN interface resource for each of the following interfaces:
{
{
Layer 3 aggregate interface.
Member ports in the corresponding Layer 3 aggregation group.
For example, before creating a Layer 3 aggregation group containing three member ports, reserve four VLAN interface resources. The Layer 3 aggregate interface uses one VLAN interface resource and each of the member ports uses one VLAN interface resource.
Before creating Layer 3 aggregate subinterfaces on a Layer 3 aggregate interface, reserve a
VLAN interface resource for each of the following interface:
{
{
{
Layer 3 aggregate interface.
Member ports in the corresponding Layer 3 aggregation group.
Layer 3 aggregate subinterfaces.
For example, before creating four Layer 3 aggregate subinterfaces on a Layer 3 aggregate interface whose corresponding aggregation group has two member ports, reserve seven VLAN interface resources. The aggregate interface uses one VLAN interface resource. Each of the member ports and aggregate subinterfaces uses one VLAN interface resource.
40
Before creating a Layer 3 aggregate subinterface, do not reserve a resource for the VLAN interface whose interface number matches the subinterface number. After you reserve a VLAN interface resource, do not create a Layer 3 aggregate subinterface whose subinterface number is the VLAN interface number. A Layer 3 aggregate subinterface uses the VLAN interface resource in processing tagged packets whose VLAN ID matches the subinterface number.
For more information about reserving VLAN interface resources, see " Configuring VLANs ."
•
Reserve VLAN interface resources of unused VLANs because VLAN interfaces cannot be created if their interface resources are reserved. To simplify management and configuration, HP recommends that you reserve VLAN interface resources as follows:
{
Bulk reserve resources of VLAN interfaces that are numbered in consecutive order.
{
Preferentially reserve resources of VLAN interfaces whose VLAN IDs are in the range of 3000 to 3500.
•
The software version can upgrade to support reserving VLAN interface resources. Then, examine whether Layer 3 aggregate interfaces and subinterfaces exist when you create Layer 3 aggregate interfaces and subinterfaces for the first time.
{
{
If Layer 3 aggregate interfaces and subinterfaces exist, reserve VLAN interface resources for both the existing and new Layer 3 aggregate interfaces and subinterfaces.
If no Layer 3 aggregate interfaces or subinterfaces exist, reserve VLAN interface resources only for new Layer 3 aggregate interfaces and subinterfaces.
Configuring a static aggregation group
To guarantee a successful static aggregation, make sure the ports at both ends of each link are in the same aggregation state.
Avoid assigning ports to a static aggregation group where the limit on Selected ports has been reached.
New member ports in the static aggregation group will be placed in the Unselected state to avoid traffic interruption on the current Selected ports. However, a device reboot can cause the aggregation state of member ports to change.
Configuring a Layer 2 static aggregation group
1.
2.
3.
Enter system view.
Create a Layer 2 aggregate interface and enter Layer 2 aggregate interface view.
Exit to system view.
4. Assign an interface to the specified Layer 2 aggregation group. system-view interface bridge-aggregation
interface-number quit a. Enter Layer 2 Ethernet interface view: interface interface-type
interface-number b. Assign the interface to the specified Layer 2 aggregation group: port link-aggregation group number
N/A
When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 static aggregation group numbered the same.
N/A
Repeat these two sub-steps to assign more Layer 2 Ethernet interfaces to the aggregation group.
41
Configuring a Layer 3 static aggregation group
Step
1. Enter system view.
2. Create a Layer 3 aggregate interface and enter Layer 3 aggregate interface view.
Command system-view interface route-aggregation
interface-number
Remarks
N/A
When you create a Layer 3 aggregate interface, the system automatically creates a Layer 3 static aggregation group numbered the same.
3. Exit to system view.
4. Assign an interface to the specified Layer 3 aggregation group. quit N/A a. Enter Layer 3 Ethernet interface view: interface interface-type
interface-number b. Assign the interface to the specified Layer 3 aggregation group: port link-aggregation group number
Repeat these two substeps to assign more Layer 3 Ethernet interfaces to the aggregation group.
Configuring a dynamic aggregation group
To guarantee a successful dynamic aggregation, make sure the peer ports of the ports aggregated at one end are also aggregated. The two ends can automatically negotiate the aggregation state of each member port.
Configuring a Layer 2 dynamic aggregation group
Step
1. Enter system view.
Command system-view
2. Set the system LACP priority. lacp system-priority system-priority
3. Create a Layer 2 aggregate interface and enter Layer 2 aggregate interface view.
4. Configure the aggregation group to operate in dynamic aggregation mode.
5. Exit to system view. interface bridge-aggregation
interface-number link-aggregation mode dynamic quit
Remarks
N/A
By default, the system LACP priority is 32768.
Changing the system LACP priority might affect the aggregation state of the ports in a dynamic aggregation group.
When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 static aggregation group numbered the same.
By default, an aggregation group operates in static aggregation mode.
N/A
42
Step
6. Assign an interface to the specified Layer 2 aggregation group.
7. Configure the port priority for the interface.
Command a. Enter Layer 2 Ethernet interface view: interface interface-type
interface-number b. Assign the interface to the specified Layer 2 aggregation group: port link-aggregation group number link-aggregation port-priority
port-priority
Remarks
Repeat these two sub-steps to assign more Layer 2 Ethernet interfaces to the aggregation group.
The default setting is 32768.
8. Configure the short LACP timeout interval (3 seconds) on the interface. lacp period short
By default, the long LACP timeout interval (90 seconds) is adopted by the interface. The peer sends
LACPDUs slowly.
Configuring a Layer 3 dynamic aggregation group
Step
1. Enter system view.
Command system-view
2. Set the system LACP priority. lacp system-priority system-priority
3. Create a Layer 3 aggregate interface and enter Layer 3 aggregate interface view. interface route-aggregation
interface-number
Remarks
N/A
By default, the system LACP priority is 32768.
Changing the system LACP priority might affect the aggregation states of the ports in the dynamic aggregation group.
When you create a Layer 3 aggregate interface, the system automatically creates a Layer 3 static aggregation group numbered the same.
4. Configure the aggregation group to operate in dynamic mode.
5. Exit to system view. link-aggregation mode dynamic
By default, an aggregation group operates in static mode.
6. Assign an interface to the specified Layer 3 aggregation group. quit a. Enter Layer 3 Ethernet interface view: interface interface-type
interface-number b. Assign the interface to the specified Layer 3 aggregation group: port link-aggregation group number
N/A
Repeat these two substeps to assign more Layer 3 Ethernet interfaces to the aggregation group.
7. Configure the port priority for the interface. link-aggregation port-priority
port-priority
The default setting is 32768.
43
Step Command Remarks
8. Configure the short LACP timeout interval (3 seconds) on the interface. lacp period short
Configuring an aggregate interface
By default, the long LACP timeout interval (90 seconds) is adopted by the interface.
In addition to the configurations in this section, most of the configurations that can be performed on Layer
2 or Layer 3 Ethernet interfaces can also be performed on Layer 2 or Layer 3 aggregate interfaces.
Configuring the description of an aggregate interface
You can configure the description of an aggregate interface for administration purposes such as describing the purpose of the interface.
To configure the description of an aggregate interface:
Step
1. Enter system view.
2. Enter aggregate interface or subinterface view.
Command system-view
•
Enter Layer 2 aggregate interface view: interface bridge-aggregation
interface-number
•
Enter Layer 3 aggregate interface or subinterface view: interface route-aggregation
{ interface-number |
interface-number.subnumber }
Remarks
N/A
N/A
3. Configure the description of the aggregate interface or subinterface. description text
By default, the description of an interface is in the format of
interface-name Interface.
Specifying ignored VLANs on a Layer 2 aggregate interface
By default, to become Selected ports, the member ports must have the same VLAN permit state and
VLAN tagging mode as the corresponding Layer 2 aggregate interface.
The system ignores the permit state and tagging mode of an ignored VLAN when choosing Selected ports.
To configure ignored VLANs on a Layer 2 aggregate interface:
Step
1. Enter system view.
Command system-view
Remarks
N/A
44
Step
2. Enter Layer 2 aggregate interface view.
3. Configure ignored VLANs.
Command interface bridge-aggregation
interface-number link-aggregation ignore vlan
vlan-id-list
Remarks
N/A
By default, a Layer 2 aggregate interface does not ignore any
VLANs.
Setting the minimum and maximum numbers of Selected ports for an aggregation group
IMPORTANT:
The minimum and maximum number of Selected ports must be the same for the local and peer aggregation groups.
The bandwidth of an aggregate link increases as the number of selected member ports increases. To avoid congestion caused by insufficient Selected ports on an aggregate link, you can set the minimum number of Selected ports required for bringing up the specific aggregate interface.
This minimum threshold setting affects the aggregation state of both aggregation member ports and the aggregate interface:
•
When the number of member ports eligible to be selected is smaller than the minimum threshold, all member ports change to the Unselected state and the link of the aggregate interface goes down.
•
When the minimum threshold is reached, the eligible member ports change to the Selected state, and the link of the aggregate interface goes up.
The maximum number of Selected ports allowed in an aggregation group is limited by either the configured maximum number or hardware capability, whichever value is smaller.
You can configure backup between two ports by assigning two ports to an aggregation group and configuring the maximum number of Selected ports allowed in the aggregation group as 1. In this way, only one Selected port is allowed in the aggregation group at any point in time, while the Unselected port serves as a backup port.
To set the minimum and maximum numbers of Selected ports for an aggregation group:
Step Command
1. Enter system view. system-view
2. Enter aggregate interface view.
•
Enter Layer 2 aggregate interface view: interface bridge-aggregation
interface-number
•
Enter Layer 3 aggregate interface view: interface route-aggregation
interface-number
3. Set the minimum number of
Selected ports for the aggregation group. link-aggregation selected-port minimum number
Remarks
N/A
N/A
By default, the minimum number of
Selected ports for the aggregation group is not specified.
45
Step Command
4. Set the maximum number of
Selected ports for the aggregation group. link-aggregation selected-port maximum number
Remarks
By default, the maximum number of
Selected ports for an aggregation group is 16.
Configuring the expected bandwidth of an aggregate interface
Step
1. Enter system view.
2. Enter aggregate interface or subinterface view.
Command system-view
•
Enter Layer 2 aggregate interface view: interface bridge-aggregation
interface-number
•
Enter Layer 3 aggregate interface /subinterface view: interface route-aggregation
{ interface-number |
interface-number.subnumber }
Remarks
N/A
N/A
3. Configure the expected bandwidth of the interface. bandwidth bandwidth-value
By default, the expected bandwidth (in kbps) is the interface baud rate divided by 1000.
Configuring an edge aggregate interface
This configuration takes effect on only the aggregate interface corresponding to a dynamic aggregation group.
To configure an edge aggregate interface:
Step Command
1. Enter system view.
2. Enter aggregate interface view.
3. Configure the aggregate interface as an edge aggregate interface. system-view
•
Enter Layer 2 aggregate interface view: interface bridge-aggregation
interface-number
•
Enter Layer 3 aggregate interface view: interface route-aggregation
interface-number lacp edge-port
Remarks
N/A
N/A
By default, an aggregate interface does not operate as an edge aggregate interface.
46
Shutting down an aggregate interface
Make sure no member port in an aggregation group is configured with the loopback command when you shut down the aggregate interface. Similarly, a port configured with the loopback command cannot be assigned to an aggregate interface already shut down. For more information about the loopback command, see Layer 2—LAN Switching Command Reference.
Shutting down or bringing up an aggregate interface affects the aggregation state and link state of ports in the corresponding aggregation group in the following ways:
•
When an aggregate interface is shut down, all Selected ports in the corresponding aggregation group become unselected and their link state becomes down.
•
When an aggregate interface is brought up, the aggregation state of ports in the corresponding aggregation group is recalculated.
To shut down an aggregate interface:
Step
1. Enter system view.
Remarks
N/A
2. Enter aggregate interface or subinterface view.
Command system-view
•
Enter Layer 2 aggregate interface view: interface bridge-aggregation
interface-number
•
Enter Layer 3 aggregate interface or subinterface view: interface route-aggregation
{ interface-number |
interface-number.subnumber }
N/A
3. Shut down the aggregate interface. shutdown
By default, aggregate interfaces are up.
Restoring the default settings for an aggregate interface
You can return all configurations on an aggregate interface to default settings.
To restore the default settings for an aggregate interface:
Step
1. Enter system view.
2. Enter aggregate interface or subinterface view.
Command system-view
•
Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number
•
Enter Layer 3 aggregate interface or subinterface view: interface route-aggregation { interface-number |
interface-number.subnumber }
3. Restore the default settings for the aggregate interface. default
47
Configuring load sharing for link aggregation groups
This section explains how to configure load sharing criteria for link aggregation groups and how to enable local-first load sharing for link aggregation.
Configuring load sharing criteria for link aggregation groups
You can configure global load sharing criteria, which take effect on all link aggregation groups.
To configure the global link-aggregation load sharing criteria:
Step
1. Enter system view.
Command system-view
Remarks
N/A
2. Configure the global link-aggregation load sharing criteria. link-aggregation global load-sharing mode { destination-ip | destination-mac
| destination-port | ingress-port | source-ip | source-mac | source-port } *
By default, the system automatically chooses link-aggregation load sharing criteria based on packet types.
In system view, the switch supports the following load sharing criteria and combinations:
•
Source IP address.
• Destination IP address.
• Source MAC address.
•
Destination MAC address.
•
Source IP address and destination IP address.
• Source IP address and source port.
• Destination IP address and destination port.
•
Source IP address, source port, destination IP address, and destination port.
•
Any combination of ingress port, source MAC address, and destination MAC address.
Enabling local-first load sharing for link aggregation
Use the local-first load sharing mechanism in a multi-device link aggregation scenario to distribute traffic preferentially across member ports on the ingress card or device rather than all member ports.
When you aggregate ports on different member devices in an IRF fabric, you can use local-first load sharing to reduce traffic on IRF links, as shown in
Figure 9 . For more information about IRF, see IRF
Configuration Guide.
48
Figure 9 Load sharing for multi-switch link aggregation in an IRF fabric
The egress port for a traffic flow is an aggregate interface that has Selected ports on different IRF member switches
Yes
Local-first load sharing mechanism enabled?
No
Any Selected ports on the ingress switch?
No
Yes
Packets are load shared only across the Selected ports on the ingress switch
To enable local-first load sharing for link aggregation:
Packets are load shared across all Selected ports
Step
1. Enter system view.
2. Enable local-first load sharing for link aggregation.
Command system-view link-aggregation load-sharing mode local-first
Remarks
N/A
By default, local-first load sharing for link aggregation is enabled.
NOTE:
Local-first load sharing for link aggregation takes effect on only known unicast packets.
Displaying and maintaining Ethernet link aggregation
Execute display commands in any view and reset commands in user view.
Task
Display information for an aggregate interface or multiple aggregate interfaces.
Display the local system ID.
Display the global or group-specific link-aggregation load sharing criteria.
Command display interface [ bridge-aggregation| route-aggregation ]
[ brief [ down | description ] ] display interface { bridge-aggregation | route-aggregation } interface-number [ brief [ description ] ] display lacp system-id display link-aggregation load-sharing mode [ interface
[ { bridge-aggregation | route-aggregation }
interface-number ] ]
49
Task
Display detailed link aggregation information for link aggregation member ports.
Display summary information about all aggregation groups.
Display detailed information about the specified aggregation groups.
Clear LACP statistics for the specified link aggregation member ports.
Clear statistics for the specified aggregate interfaces.
Command display link-aggregation member-port [ interface-list ] display link-aggregation summary display link-aggregation verbose [ { bridge-aggregation | route-aggregation } [ interface-number ] ] reset lacp statistics [ interface interface-list ] reset counters interface [ { bridge-aggregation | route-aggregation } [ interface-number ] ]
Ethernet link aggregation configuration examples
Layer 2 static aggregation configuration example
Network requirements
As shown in
, configure a Layer 2 static aggregation group on both Device A and Device B, and enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and
VLAN 20 at one end to communicate with VLAN 20 at the other end.
Figure 10 Network diagram
Configuration procedure
1. Configure Device A:
# Create VLAN 10, and assign port FortyGigE 1/0/4 to VLAN 10.
<DeviceA> system-view
[DeviceA] vlan 10
[DeviceA-vlan10] port fortygige 1/0/4
[DeviceA-vlan10] quit
# Create VLAN 20, and assign port FortyGigE 1/0/5 to VLAN 20.
[DeviceA] vlan 20
50
[DeviceA-vlan20] port fortygige 1/0/5
[DeviceA-vlan20] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 1.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] quit
# Assign ports FortyGigE 1/0/1 through FortyGigE 1/0/3 to link aggregation group 1.
[DeviceA] interface fortygige 1/0/1
[DeviceA-FortyGigE1/0/1] port link-aggregation group 1
[DeviceA-FortyGigE1/0/1] quit
[DeviceA] interface fortygige 1/0/2
[DeviceA-FortyGigE1/0/2] port link-aggregation group 1
[DeviceA-FortyGigE1/0/2] quit
[DeviceA] interface fortygige 1/0/3
[DeviceA-FortyGigE1/0/3] port link-aggregation group 1
[DeviceA-FortyGigE1/0/3] quit
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to
VLANs 10 and 20.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20
[DeviceA-Bridge-Aggregation1] quit
2. Configure Device B in the same way Device A is configured.
Verifying the configuration
# Display detailed information about all aggregation groups on Device A.
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
FGE1/0/1 S 32768 1
FGE1/0/2 S 32768 1
FGE1/0/3 S 32768 1
The output shows that link aggregation group 1 is a Layer 2 static aggregation group and it contains three Selected ports.
51
Layer 2 dynamic aggregation configuration example
Network requirements
As shown in
Figure 11 , configure a Layer 2 dynamic aggregation group on both Device A and Device B,
enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and
VLAN 20 at one end to communicate with VLAN 20 at the other end.
Figure 11 Network diagram
Configuration procedure
1. Configure Device A:
# Create VLAN 10, and assign the port FortyGigE 1/0/4 to VLAN 10.
<DeviceA> system-view
[DeviceA] vlan 10
[DeviceA-vlan10] port fortygige 1/0/4
[DeviceA-vlan10] quit
# Create VLAN 20, and assign the port FortyGigE 1/0/5 to VLAN 20.
[DeviceA] vlan 20
[DeviceA-vlan20] port fortygige 1/0/5
[DeviceA-vlan20] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 1, and configure the link aggregation mode as dynamic.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation1] quit
# Assign ports FortyGigE 1/0/1 through FortyGigE 1/0/3 to link aggregation group 1.
[DeviceA] interface fortygige 1/0/1
[DeviceA-FortyGigE1/0/1] port link-aggregation group 1
[DeviceA-FortyGigE1/0/1] quit
[DeviceA] interface fortygige 1/0/2
[DeviceA-FortyGigE1/0/2] port link-aggregation group 1
[DeviceA-FortyGigE1/0/2] quit
[DeviceA] interface fortygige 1/0/3
[DeviceA-FortyGigE1/0/3] port link-aggregation group 1
52
[DeviceA-FortyGigE1/0/3] quit
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to
VLANs 10 and 20.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20
[DeviceA-Bridge-Aggregation1] quit
2. Configure Device B in the same way Device A is configured.
Verifying the configuration
# Display detailed information about all aggregation groups on Device A.
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Dynamic
Loadsharing Type: Shar
System ID: 0x8000, 000f-e267-6c6a
Local:
Port Status Priority Oper-Key Flag
--------------------------------------------------------------------------------
FGE1/0/1 S 32768 1 {ACDEF}
FGE1/0/2 S 32768 1 {ACDEF}
FGE1/0/3 S 32768 1 {ACDEF}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
--------------------------------------------------------------------------------
FGE1/0/1 1 32768 1 0x8000, 000f-e267-57ad {ACDEF}
FGE1/0/2 2 32768 1 0x8000, 000f-e267-57ad {ACDEF}
FGE1/0/3 3 32768 1 0x8000, 000f-e267-57ad {ACDEF}
The output shows that link aggregation group 1 is a Layer 2 dynamic aggregation group and it contains three Selected ports.
Layer 2 aggregation load sharing configuration example
Network requirements
As shown in
:
• Configure two Layer 2 static aggregation groups (1 and 2) on Device A and Device B respectively, and enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and VLAN 20 at one end to communicate with VLAN 20 at the other end.
• Configure the global load sharing criterion as the source MAC addresses of packets to load-share traffic across aggregation group member ports.
53
Figure 12 Network diagram
Configuration procedure
1. Configure Device A:
# Create VLAN 10, and assign the port FortyGigE 1/0/5 to VLAN 10.
<DeviceA> system-view
[DeviceA] vlan 10
[DeviceA-vlan10] port fortygige 1/0/5
[DeviceA-vlan10] quit
# Create VLAN 20, and assign the port FortyGigE 1/0/6 to VLAN 20.
[DeviceA] vlan 20
[DeviceA-vlan20] port fortygige 1/0/6
[DeviceA-vlan20] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 1.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] quit
# Assign ports FortyGigE 1/0/1 and FortyGigE 1/0/2 to link aggregation group 1.
[DeviceA] interface fortygige 1/0/1
[DeviceA-FortyGigE1/0/1] port link-aggregation group 1
[DeviceA-FortyGigE1/0/1] quit
[DeviceA] interface fortygige 1/0/2
[DeviceA-FortyGigE1/0/2] port link-aggregation group 1
[DeviceA-FortyGigE1/0/2] quit
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to
VLAN 10.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10
[DeviceA-Bridge-Aggregation1] quit
# Create Layer 2 aggregate interface Bridge-Aggregation 2.
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] quit
# Assign ports FortyGigE 1/0/3 and FortyGigE 1/0/4 to link aggregation group 2.
[DeviceA] interface fortygige 1/0/3
54
[DeviceA-FortyGigE1/0/3] port link-aggregation group 2
[DeviceA-FortyGigE1/0/3] quit
[DeviceA] interface fortygige 1/0/4
[DeviceA-FortyGigE1/0/4] port link-aggregation group 2
[DeviceA-FortyGigE1/0/4] quit
# Configure Layer 2 aggregate interface Bridge-Aggregation 2 as a trunk port and assign it to
VLAN 20.
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] port link-type trunk
[DeviceA-Bridge-Aggregation2] port trunk permit vlan 20
[DeviceA-Bridge-Aggregation2] quit
# Configure the source MAC address as the global link-aggregation load sharing criterion.
[DeviceA] link-aggregation global load-sharing mode source-mac
2. Configure Device B in the same way Device A is configured.
Verifying the configuration
# Display detailed information about all aggregation groups on Device A.
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
FGE1/0/1 S 32768 1
FGE1/0/2 S 32768 1
Aggregate Interface: Bridge-Aggregation2
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
FGE1/0/3 S 32768 2
FGE1/0/4 S 32768 2
The output shows that link aggregation groups 1 and 2 are both load-shared Layer 2 static aggregation groups and each contains two Selected ports.
# Display all the group-specific load sharing criteria on Device A.
[DeviceA] display link-aggregation load-sharing mode interface
Bridge-Aggregation1 Load-Sharing Mode: source-mac address
55
Bridge-Aggregation2 Load-Sharing Mode: source-mac address
The output shows that the load sharing criteria for both link aggregation group 1 and link aggregation group 2 are the source MAC addresses of packets.
Layer 3 static aggregation configuration example
Network requirements
As shown in
:
•
Reserve four VLAN interface resources before creating a Layer 3 aggregate interface.
• Configure a Layer 3 static aggregation group on both Device A and Device B.
• Configure IP addresses and subnet masks for the corresponding Layer 3 aggregate interfaces.
Figure 13 Network diagram
Configuration procedure
1. Configure Device A:
# Reserve VLAN interface resources of VLANs 3000 to 3500. For more information about reserving VLAN interface resources, see "
."
<DeviceA> system-view
[DeviceA] reserve-vlan-interface 3000 to 3500
# Create Layer 3 aggregate interface Route-Aggregation 1, and configure an IP address and subnet mask for the aggregate interface.
<DeviceA> system-view
[DeviceA] interface route-aggregation 1
[DeviceA-Route-Aggregation1] ip address 192.168.1.1 24
[DeviceA-Route-Aggregation1] quit
# Assign Layer 3 Ethernet interfaces FortyGigE 1/0/1 through FortyGigE 1/0/3 to aggregation group 1.
[DeviceA] interface fortygige 1/0/1
[DeviceA-FortyGigE1/0/1] port link-aggregation group 1
[DeviceA-FortyGigE1/0/1] quit
[DeviceA] interface fortygige 1/0/2
[DeviceA-FortyGigE1/0/2] port link-aggregation group 1
[DeviceA-FortyGigE1/0/2] quit
[DeviceA] interface fortygige 1/0/3
[DeviceA-FortyGigE1/0/3] port link-aggregation group 1
[DeviceA-FortyGigE1/0/3] quit
2. Configure Device B in the same way Device A is configured.
Verifying the configuration
# Display detailed information about all aggregation groups on Device A.
56
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
FGE1/0/1 S 32768 1
FGE1/0/2 S 32768 1
FGE1/0/3 S 32768 1
The output shows that link aggregation group 1 is a non-load-shared Layer 3 static aggregation group that contains three Selected ports.
Layer 3 dynamic aggregation configuration example
Network requirements
As shown in
:
•
Reserve four VLAN interface resources before creating a Layer 3 aggregate interface.
• Configure a Layer 3 dynamic aggregation group on both Device A and Device B.
•
Configure IP addresses and subnet masks for the corresponding Layer 3 aggregate interfaces.
Figure 14 Network diagram
Configuration procedure
1. Configure Device A:
# Reserve VLAN interface resources of VLANs 3000 to 3500. For more information about reserving VLAN interface resources, see "
."
<DeviceA> system-view
[DeviceA] reserve-vlan-interface 3000 to 3500
# Create Layer 3 aggregate interface Route-Aggregation 1.
<DeviceA> system-view
[DeviceA] interface route-aggregation 1
# Configure the link aggregation mode as dynamic.
[DeviceA-Route-Aggregation1] link-aggregation mode dynamic
# Configure an IP address and subnet mask for Route-Aggregation 1.
[DeviceA-Route-Aggregation1] ip address 192.168.1.1 24
[DeviceA-Route-Aggregation1] quit
57
# Assign Layer 3 Ethernet interfaces FortyGigE 1/0/1 through FortyGigE 1/0/3 to aggregation group 1.
[DeviceA] interface fortygige 1/0/1
[DeviceA-FortyGigE1/0/1] port link-aggregation group 1
[DeviceA-FortyGigE1/0/1] quit
[DeviceA] interface fortygige 1/0/2
[DeviceA-FortyGigE1/0/2] port link-aggregation group 1
[DeviceA-FortyGigE1/0/2] quit
[DeviceA] interface fortygige 1/0/3
[DeviceA-FortyGigE1/0/3] port link-aggregation group 1
[DeviceA-FortyGigE1/0/3] quit
2. Configure Device B in the same way Device A is configured.
Verifying the configuration
# Display detailed information about all aggregation groups on Device A.
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Dynamic
Loadsharing Type: Shar
System ID: 0x8000, 000f-e267-6c6a
Local:
Port Status Priority Oper-Key Flag
--------------------------------------------------------------------------------
FGE1/0/1 S 32768 1 {ACDEF}
FGE1/0/2 S 32768 1 {ACDEF}
FGE1/0/3 S 32768 1 {ACDEF}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
--------------------------------------------------------------------------------
FGE1/0/1 1 32768 1 0x8000, 000f-e267-57ad {ACDEF}
FGE1/0/2 2 32768 1 0x8000, 000f-e267-57ad {ACDEF}
FGE1/0/3 3 32768 1 0x8000, 000f-e267-57ad {ACDEF}
The output shows that:
•
Link aggregation group 1 is a non-load-shared Layer 3 dynamic aggregation group.
• The aggregation group contains three Selected ports.
Layer 3 edge aggregate interface configuration example
Network requirements
As shown in
, the device and the server are the two ends of a dynamic aggregate link. The server starts a reboot. FortyGigE 1/0/1 and FortyGigE 1/0/2 must forward packets correctly during the
58
server's reboot process. To meet this requirement, configure Layer 3 aggregate interface
Route-Aggregation 1 on the device as an edge aggregate interface.
Reserve three VLAN interface resources before creating the Layer 3 aggregate interface.
Figure 15 Network diagram
Configuration procedure
1. Configure the device:
# Reserve VLAN interface resources of VLANs 3000 to 3500. For more information about reserving VLAN interface resources, see "
."
<DeviceA> system-view
[DeviceA] reserve-vlan-interface 3000 to 3500
# Create Layer 3 aggregate interface Route-Aggregation 1, configure the link aggregation mode as dynamic.
<Device> system-view
[Device] interface route-aggregation 1
[Device-Route-Aggregation1] link-aggregation mode dynamic
# Configure an IP address and subnet mask for Layer 3 aggregate interface Route-Aggregation 1.
[Device-Route-Aggregation1] ip address 192.168.1.1 24
# Configure Layer 3 aggregate interface Route-Aggregation 1 as an edge aggregate interface.
[Device-Route-Aggregation1] lacp edge-port
[Device-Route-Aggregation1] quit
# Assign Layer 3 Ethernet interfaces FortyGigE 1/0/1 and FortyGigE 1/0/2 to aggregation group 1.
[Device] interface fortygige 1/0/1
[Device-FortyGigE1/0/1] port link-aggregation group 1
[Device-FortyGigE1/0/1] quit
[Device] interface fortygige 1/0/2
[Device-FortyGigE1/0/2] port link-aggregation group 1
[Device-FortyGigE1/0/2] quit
2. Configure the server as required. (Details not shown.)
Verifying the configuration
# Display detailed information about all aggregation groups on the device during the server's reboot process.
[Device] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
59
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Dynamic
Loadsharing Type: NonS
System ID: 0x8000, 000f-e267-6c6a
Local:
Port Status Priority Oper-Key Flag
--------------------------------------------------------------------------------
FGE1/0/1 I 32768 1 {AG}
FGE1/0/2 I 32768 1 {AG}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
--------------------------------------------------------------------------------
FGE1/0/1 0 32768 0 0x8000, 0000-0000-0000 {DEF}
FGE1/0/2 0 32768 0 0x8000, 0000-0000-0000 {DEF}
The output shows that FortyGigE 1/0/1 and FortyGigE 1/0/2 are in Individual state when they receive no LACPDUs from the server. Both FortyGigE 1/0/1 and FortyGigE 1/0/2 can forward packets, which ensures zero packet loss.
60
Configuring port isolation
The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. You can also use this feature to isolate the hosts in a VLAN from one another.
You can manually create isolation groups on the switch, but only the isolation group numbered 1 is valid.
The number of ports assigned to an isolation group is not limited.
Within the same VLAN, ports in an isolation group can communicate with those outside the isolation group at Layer 2.
Assigning ports to an isolation group
Step Command
1. Enter system view. system-view
2. Create an isolation group. port-isolate group group-number
3. Enter interface view.
4. Assign ports to the specified isolation group.
•
Enter Layer 2 Ethernet interface view: interface interface-type
interface-number
•
Enter Layer 2 aggregate interface view: interface bridge-aggregation
interface-number port-isolate enable group
group-number
Remarks
N/A
For this switch series, only the isolation group numbered 1 is valid.
•
The configuration in Layer 2 Ethernet interface view applies only to the interface.
•
The configuration in Layer 2 aggregate interface view applies to the Layer 2 aggregate interface and its aggregation member ports. If the device fails to apply the configuration to the aggregate interface, it does not assign any aggregation member port to the isolation group. If the failure occurs on an aggregation member port, the device skips the port and continues to assign other aggregation member ports to the isolation group.
No ports are assigned to an isolation group by default.
For this switch series, you can assign ports to only isolation group 1.
Displaying and maintaining port isolation
Execute display commands in any view.
Task Command
Display isolation group information display port-isolate group [ group-number ] [ | { begin | exclude | include } regular-expression ]
61
Port isolation configuration example
Network requirements
, LAN users Host A, Host B, and Host C are connected to FortyGigE 1/0/1,
FortyGigE 1/0/2, and FortyGigE 1/0/3 on the device, respectively. The device connects to the Internet through FortyGigE 1/0/4.
Configure the device to provide Internet access for the hosts, and isolate them from one another at Layer
2.
Figure 16 Network diagram
Configuration procedure
# Create isolation group 1.
<Device> system-view
[Device] port-isolate group 1
# Assign FortyGigE 1/0/1, FortyGigE 1/0/2, and FortyGigE 1/0/3 to isolation group 1.
[Device] interface fortygige 1/0/1
[Device-FortyGigE1/0/1] port-isolate enable group 1
[Device-FortyGigE1/0/1] quit
[Device] interface fortygige 1/0/2
[Device-FortyGigE1/0/2] port-isolate enable group 1
[Device-FortyGigE1/0/2] quit
[Device] interface fortygige 1/0/3
[Device-FortyGigE1/0/3] port-isolate enable group 1
Verifying the configuration
# Display information about isolation group 1.
[Device-FortyGigE1/0/3] display port-isolate group 1
Port isolation group information:
62
Group ID: 1
Group members:
FortyGigE1/0/1
FortyGigE1/0/2
FortyGigE1/0/3
63
Configuring spanning tree protocols
Spanning tree protocols eliminate loops in a physical link-redundant network by selectively blocking redundant links and putting them in a standby state.
The recent versions of STP include the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning
Tree Protocol (MSTP).
STP
STP was developed based on the 802.1d standard of IEEE to eliminate loops at the data link layer in a
LAN. Networks often have redundant links as backups in case of failures, but loops are a very serious problem. Devices running STP detect loops in the network by exchanging information with one another, and eliminate loops by selectively blocking certain ports to prune the loop structure into a loop-free tree structure. This avoids proliferation and infinite cycling of packets that would occur in a loop network.
In the narrow sense, STP refers to IEEE 802.1d STP. In the broad sense, STP refers to the IEEE 802.1d STP and various enhanced spanning tree protocols derived from that protocol.
STP protocol packets
STP uses bridge protocol data units (BPDUs), also known as configuration messages, as its protocol packets. This chapter uses BPDUs to represent all types of spanning tree protocol packets.
STP-enabled network devices exchange BPDUs to establish a spanning tree. BPDUs contain sufficient information for the network devices to complete spanning tree calculation.
STP uses the following types of BPDUs:
• Configuration BPDUs—Used by the network devices to calculate a spanning tree and maintain the spanning tree topology.
•
Topology change notification (TCN) BPDUs—Notify network devices of network topology changes.
Configuration BPDUs contain sufficient information for the network devices to complete spanning tree calculation. Important fields in a configuration BPDU include the following:
•
Root bridge ID—Consisting of the priority and MAC address of the root bridge.
•
Root path cost—Cost of the path to the root bridge denoted by the root identifier from the transmitting bridge.
•
Designated bridge ID—Consisting of the priority and MAC address of the designated bridge.
•
Designated port ID—Consisting of the priority and global port number of the designated port.
•
Message age—Age of the configuration BPDU while it propagates in the network.
• Max age—Maximum age of the configuration BPDU stored on the switch.
•
Hello time—Configuration BPDU transmission interval.
•
Forward delay—Delay that STP bridges use to transit port state.
64
Basic concepts in STP
Root bridge
A tree network must have a root bridge. The entire network contains only one root bridge, and all the other bridges in the network are called "leaf nodes". The root bridge is not permanent, but can change with changes of the network topology.
Root port
Upon initialization of a network, each device generates and periodically sends configuration BPDUs, with itself as the root bridge. After network convergence, only the root bridge generates and periodically sends configuration BPDUs. The other devices only forward the BPDUs.
On a non-root bridge, the port nearest to the root bridge is the root port. The root port communicates with the root bridge. Each non-root bridge has only one root port. The root bridge has no root port.
Designated bridge and designated port
Classification
For a device
Designated bridge
Device directly connected with the local device and responsible for forwarding BPDUs to the local device
Designated port
Port through which the designated bridge forwards BPDUs to this device
For a LAN
Device responsible for forwarding BPDUs to this LAN segment
Port through which the designated bridge forwards BPDUs to this LAN segment
As shown in Figure 17 , Device B and Device C are directly connected to a LAN. If Device A forwards
BPDUs to Device B through port A1, the designated bridge for Device B is Device A, and the designated port of Device B is port A1 on Device A. If Device B forwards BPDUs to the LAN, the designated bridge for the LAN is Device B, and the designated port for the LAN is port B2 on Device B.
Figure 17 Designated bridges and designated ports
Device A
Port A1
Port A2
Device B
Port B1
Port B2
Port C1
Device C
Port C2
LAN
Path cost
Path cost is a reference value used for link selection in STP. STP calculates path costs to select the most robust links and block redundant links that are less robust, to prune the network into a loop-free tree.
65
Calculation process of the STP algorithm
The spanning tree calculation process described in the following sections is a simplified process for example only.
Calculation process
The STP algorithm uses the following calculation process:
1. Network initialization.
Upon initialization of a device, each port generates a BPDU with the port as the designated port, the device as the root bridge, 0 as the root path cost, and the device ID as the designated bridge
ID.
2. Root bridge selection.
Initially, each STP-enabled device on the network assumes itself to be the root bridge, with its own device ID as the root bridge ID. By exchanging configuration BPDUs, the devices compare their root bridge IDs to elect the device with the smallest root bridge ID as the root bridge.
3. Root port and designated ports selection on the non-root bridges.
1
Step Description
A non-root–bridge device regards the port on which it received the optimum configuration
BPDU as the root port.
Table 5 describes how the optimum configuration BPDU is selected.
2
3
Based on the configuration BPDU and the path cost of the root port, the device calculates a designated port configuration BPDU for each of the other ports.
•
The root bridge ID is replaced with that of the configuration BPDU of the root port.
•
The root path cost is replaced with that of the configuration BPDU of the root port plus the path cost of the root port.
•
The designated bridge ID is replaced with the ID of this device.
•
The designated port ID is replaced with the ID of this port.
The device compares the calculated configuration BPDU with the configuration BPDU on the port whose port role will be determined, and acts depending on the result of the comparison:
•
If the calculated configuration BPDU is superior, the device considers this port as the designated port, replaces the configuration BPDU on the port with the calculated configuration BPDU, and periodically sends the calculated configuration BPDU.
•
If the configuration BPDU on the port is superior, the device blocks this port without updating its configuration BPDU. The blocked port can receive BPDUs, but cannot send
BPDUs or forward data traffic.
When the network topology is stable, only the root port and designated ports forward user traffic.
Other ports are all in the blocked state to receive BPDUs but not to forward BPDUs or user traffic.
Table 5 Selecting the optimum configuration BPDU
Step
1
Actions
Upon receiving a configuration BPDU on a port, the device compares the priority of the received configuration BPDU with that of the configuration BPDU generated by the port, and:
•
If the former priority is lower, the device discards the received configuration BPDU and keeps the configuration BPDU the port generated.
•
If the former priority is higher, the device replaces the content of the configuration BPDU generated by the port with the content of the received configuration BPDU.
66
Step
2
Actions
The device compares the configuration BPDUs of all the ports and chooses the optimum configuration BPDU.
The following are the principles of configuration BPDU comparison: a. The configuration BPDU with the lowest root bridge ID has the highest priority. b. If configuration BPDUs have the same root bridge ID, their root path costs are compared. For example, the root path cost in a configuration BPDU plus the path cost of a receiving port is S.
The configuration BPDU with the smallest S value has the highest priority. c. If all configuration BPDUs have the same root bridge ID and S value, their designated bridge
IDs, designated port IDs, and the IDs of the receiving ports are compared in sequence. The configuration BPDU that contains a smaller designated bridge ID, designated port ID, or receiving port ID is selected.
A tree-shape topology forms when the root bridge, root ports, and designated ports are selected.
Example of STP calculation
provides an example showing how the STP algorithm works.
Figure 18 The STP algorithm
Device A
Priority = 0
Port A1 Port A2
Port B1 Port C1
Port B2 Port C2
Path cost = 4
Device B
Priority = 1
Device C
Priority = 2
, the priority values of Device A, Device B, and Device C are 0, 1, and 2, and the path costs of links among the three devices are 5, 10, and 4, respectively.
1. Device state initialization.
In
Table 6 , each configuration BPDU contains the following fields: root bridge ID, root path cost,
designated bridge ID, and designated port ID.
Table 6 Initial state of each device
Device
Device A
Device B
Port name
Port A1
Port A2
Port B1
Configuration BPDU on the port
{0, 0, 0, Port A1}
{0, 0, 0, Port A2}
{1, 0, 1, Port B1}
67
Device Port name
Port B2
Configuration BPDU on the port
{1, 0, 1, Port B2}
Port C1
Device C
Port C2
2. Configuration BPDUs comparison on each device.
{2, 0, 2, Port C1}
{2, 0, 2, Port C2}
In
Table 7 , each configuration BPDU contains the following fields: root bridge ID, root path cost,
designated bridge ID, and designated port ID.
Table 7 Comparison process and result on each device
Device
Device A
Device B
Comparison process
Configuration BPDU on ports after comparison
•
Port A1 receives the configuration BPDU of Port B1 {1, 0,
1, Port B1}, finds that its existing configuration BPDU {0, 0,
0, Port A1} is superior to the received configuration BPDU, and discards the received one.
•
Port A2 receives the configuration BPDU of Port C1 {2, 0,
2, Port C1}, finds that its existing configuration BPDU {0,
0, 0, Port A2} is superior to the received configuration
BPDU, and discards the received one.
•
Device A finds that it is both the root bridge and designated bridge in the configuration BPDUs of all its ports, and considers itself as the root bridge. It does not change the configuration BPDU of any port and starts to periodically send configuration BPDUs.
•
Port B1 receives the configuration BPDU of Port A1 {0, 0,
0, Port A1}, finds that the received configuration BPDU is superior to its existing configuration BPDU {1, 0, 1, Port
B1}, and updates its configuration BPDU.
•
Port B2 receives the configuration BPDU of Port C2 {2, 0,
2, Port C2}, finds that its existing configuration BPDU {1,
0, 1, Port B2} is superior to the received configuration
BPDU, and discards the received one.
•
Device B compares the configuration BPDUs of all its ports, decides that the configuration BPDU of Port B1 is the optimum, and selects Port B1 as the root port with the configuration BPDU unchanged.
•
Based on the configuration BPDU and path cost of the root port, Device B calculates a designated port configuration
BPDU for Port B2 {0, 5, 1, Port B2}, and compares it with the existing configuration BPDU of Port B2 {1, 0, 1, Port
B2}. Device B finds that the calculated one is superior, decides that Port B2 is the designated port, replaces the configuration BPDU on Port B2 with the calculated one, and periodically sends the calculated configuration
BPDU.
•
Port A1: {0, 0, 0, Port
A1}
•
Port A2: {0, 0, 0, Port
A2}
•
Port B1: {0, 0, 0, Port
A1}
•
Port B2: {1, 0, 1, Port
B2}
•
Root port (Port B1): {0,
0, 0, Port A1}
•
Designated port (Port
B2): {0, 5, 1, Port B2}
68
Device Comparison process
Configuration BPDU on ports after comparison
Device C
•
Port C1 receives the configuration BPDU of Port A2 {0, 0,
0, Port A2}, finds that the received configuration BPDU is superior to its existing configuration BPDU {2, 0, 2, Port
C1}, and updates its configuration BPDU.
•
Port C2 receives the original configuration BPDU of Port
B2 {1, 0, 1, Port B2}, finds that the received configuration
BPDU is superior to the existing configuration BPDU {2, 0,
2, Port C2}, and updates its configuration BPDU.
•
Device C compares the configuration BPDUs of all its ports, decides that the configuration BPDU of Port C1 is the optimum, and selects Port C1 as the root port with the configuration BPDU unchanged.
•
Based on the configuration BPDU and path cost of the root port, Device C calculates the configuration BPDU of Port
C2 {0, 10, 2, Port C2}, and compares it with the existing configuration BPDU of Port C2 {1, 0, 1, Port B2}. Device C finds that the calculated configuration BPDU is superior to the existing one, selects Port C2 as the designated port, and replaces the configuration BPDU of Port C2 with the calculated one.
•
Port C2 receives the updated configuration BPDU of Port
B2 {0, 5, 1, Port B2}, finds that the received configuration
BPDU is superior to its existing configuration BPDU {0, 10,
2, Port C2}, and updates its configuration BPDU.
•
Port C1 receives a periodic configuration BPDU {0, 0, 0,
Port A2} from Port A2, finds that it is the same as the existing configuration BPDU, and discards the received one.
•
Device C finds that the root path cost of Port C1 (10) (root path cost of the received configuration BPDU (0) plus path cost of Port C1 (10)) is larger than that of Port C2 (9) (root path cost of the received configuration BPDU (5) plus path cost of Port C2 (4)), decides that the configuration BPDU of
Port C2 is the optimum, and selects Port C2 as the root port with the configuration BPDU unchanged.
•
Based on the configuration BPDU and path cost of the root port, Device C calculates a designated port configuration
BPDU for Port C1 {0, 9, 2, Port C1} and compares it with the existing configuration BPDU of Port C1 {0, 0, 0, Port
A2}. Device C finds that the existing configuration BPDU is superior to the calculated one and blocks Port C1 with the configuration BPDU unchanged. Then Port C1 does not forward data until a new event triggers a spanning tree calculation process, for example, the link between Device
B and Device C is down.
•
Port C1: {0, 0, 0, Port
A2}
•
Port C2: {1, 0, 1, Port
•
•
Designated port (Port
•
•
B2}
Root port (Port C1): {0,
0, 0, Port A2}
C2): {0, 10, 2, Port C2}
Port C1: {0, 0, 0, Port
A2}
•
Port C2: {0, 5, 1, Port
B2}
Blocked port (Port C1):
{0, 0, 0, Port A2}
•
Root port (Port C2): {0,
5, 1, Port B2}
is established, and the topology is shown in
69
Figure 19 The final calculated spanning tree
The configuration BPDU forwarding mechanism of STP
The configuration BPDUs of STP are forwarded according to these guidelines:
• Upon network initiation, every device regards itself as the root bridge, generates configuration
BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval.
•
If the root port received a configuration BPDU and the received configuration BPDU is superior to the configuration BPDU of the port, the device increases the message age carried in the configuration BPDU following a certain rule and starts a timer to time the configuration BPDU while sending this configuration BPDU through the designated port.
•
If the configuration BPDU received on a designated port has a lower priority than the configuration
BPDU of the local port, the port immediately sends its own configuration BPDU in response.
• If a path becomes faulty, the root port on this path no longer receives new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout. The device generates a configuration
BPDU with itself as the root and sends the BPDUs and TCN BPDUs. This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity.
However, the newly calculated configuration BPDU cannot be propagated throughout the network immediately, so the old root ports and designated ports that have not detected the topology change continue forwarding data along the old path. If the new root ports and designated ports begin to forward data as soon as they are elected, a temporary loop might occur.
STP timers
The most important timing parameters in STP calculation are forward delay, hello time, and max age.
•
Forward delay—Forward delay is the delay time for port state transition.
A path failure can cause spanning tree re-calculation to adapt the spanning tree structure to the change. However, the resulting new configuration BPDU cannot propagate throughout the network immediately. If the newly elected root ports and designated ports start to forward data immediately, a temporary loop will likely occur.
For this reason, as a mechanism for state transition in STP, the newly elected root ports or designated ports require twice the forward delay time before they transit to the forwarding state to make sure the new configuration BPDU has propagated throughout the network.
•
Hello time—The device sends hello packets at the hello time interval to the neighboring devices to make sure the paths are fault-free.
•
Max age—The device uses the max age to determine whether a stored configuration BPDU has expired and discards it if the max age is exceeded.
70
RSTP
RSTP achieves rapid network convergence by allowing a newly elected root port or designated port to enter the forwarding state much faster than STP.
If the old root port on the device has stopped forwarding data and the upstream designated port has started forwarding data, a newly elected RSTP root port rapidly enters the forwarding state.
A newly elected RSTP designated port rapidly enters the forwarding state if it is an edge port (a port that directly connects to a user terminal rather than to another network device or a shared LAN segment) or it connects to a point-to-point link. Edge ports directly enter the forwarding state. Connecting to a point-to-point link, a designated port enters the forwarding state immediately after the device receives a handshake response from the directly connected device.
MSTP
MSTP overcomes the following STP and RSTP limitations:
• STP limitations—STP does not support rapid state transition of ports. A newly elected port must wait twice the forward delay time before it transits to the forwarding state, even if it connects to a point-to-point link or is an edge port.
•
RSTP limitations—Although RSTP enables faster network convergence than STP, RSTP fails to provide load balancing among VLANs. As with STP, all RSTP bridges in a LAN share one spanning tree and forward packets from all VLANs along this spanning tree.
MSTP features
Developed based on IEEE 802.1s, MSTP overcomes the limitations of STP and RSTP. In addition to supporting rapid network convergence, it provides a better load sharing mechanism for redundant links by allowing data flows of different VLANs to be forwarded along separate paths.
MSTP provides the following features:
• MSTP divides a switched network into multiple regions, each of which contains multiple spanning trees that are independent of one another.
•
MSTP supports mapping VLANs to spanning tree instances by means of a VLAN-to-instance mapping table. MSTP can reduce communication overheads and resource usage by mapping multiple VLANs to one instance.
•
MSTP prunes a loop network into a loop-free tree, which avoids proliferation and endless cycling of packets in a loop network. In addition, it supports load balancing of VLAN data by providing multiple redundant paths for data forwarding.
•
MSTP is compatible with STP and RSTP.
MSTP basic concepts
shows a switched network that comprises four MST regions, each MST region comprising four
shows the networking topology of MST region 3.
71
Figure 20 Basic concepts in MSTP
VLAN 1 MSTI 1
VLAN 2 MSTI 2
Other VLANs MSTI 0
MST region 1
VLAN 1 MSTI 1
VLAN 2 MSTI 2
Other VLANs MSTI 0
MST region 4
MST region 2 MST region 3
VLAN 1 MSTI 1
VLAN 2 MSTI 2
Other VLANs MSTI 0
CST
VLAN 1 MSTI 1
VLAN 2&3 MSTI 2
Other VLANs MSTI 0
Figure 21 Network diagram and topology of MST region 3
MST region
A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics:
• A spanning tree protocol enabled
•
Same region name
72
• Same VLAN-to-instance mapping configuration
•
Same MSTP revision level
•
Physically linked together
Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST region. In
, the switched network comprises four MST regions, MST region 1 through MST region 4, and all devices in each MST region have the same MST region configuration.
MSTI
VLAN-to-instance mapping table
As an attribute of an MST region, the VLAN-to-instance mapping table describes the mapping relationships between VLANs and MSTIs.
In Figure 21 , the VLAN-to-instance mapping table of MST region 3 is: VLAN 1 to MSTI 1, VLAN 2 and
VLAN 3 to MSTI 2, and other VLANs to MSTI 0. MSTP achieves load balancing by means of the
VLAN-to-instance mapping table.
CST
MSTP can generate multiple independent spanning trees in an MST region, and each spanning tree is mapped to the specific VLANs. Each spanning tree is referred to as a "multiple spanning tree instance
(MSTI)".
In Figure 21 , MST region 3 comprises three MSTIs, MSTI 1, MSTI 2, and MSTI 0.
The common spanning tree (CST) is a single spanning tree that connects all MST regions in a switched network. If you regard each MST region as a device, the CST is a spanning tree calculated by these devices through STP or RSTP.
represent the CST.
IST
An internal spanning tree (IST) is a spanning tree that runs in an MST region. It is also called MSTI 0, a special MSTI to which all VLANs are mapped by default.
, MSTI 0 is the IST in MST region 3.
CIST
The common and internal spanning tree (CIST) is a single spanning tree that connects all devices in a switched network. It consists of the ISTs in all MST regions and the CST.
, the ISTs (MSTI 0) in all MST regions plus the inter-region CST constitute the CIST of the entire network.
Regional root
The root bridge of the IST or an MSTI within an MST region is the regional root of the IST or MSTI. Based on the topology, different spanning trees in an MST region might have different regional roots.
In MST region 3 in
Figure 21 , the regional root of MSTI 1 is Device B, the regional root of MSTI 2 is Device
C, and the regional root of MSTI 0 (also known as the IST) is Device A.
Common root bridge
The common root bridge is the root bridge of the CIST.
, the common root bridge is a device in MST region 1.
73
Port roles
A, Device B, Device C, and Device D. Port A1 and port A2 of Device A connect to the common root bridge. Port B2 and Port B3 of Device B form a loop. Port C3 and Port C4 of Device C connect to other
MST regions. Port D3 of Device D directly connects to a host.
Figure 22 Port roles
MSTP calculation involves the following port roles:
• Root port—Forwards data for a non-root bridge to the root bridge. The root bridge does not have any root port.
•
Designated port—Forwards data to the downstream network segment or device.
• Alternate port—Serves as the backup port for a root port or master port. When the root port or master port is blocked, the alternate port takes over.
•
Backup port—Serves as the backup port of a designated port. When the designated port is invalid, the backup port becomes the new designated port. A loop occurs when two ports of the same spanning tree device are connected, so the device blocks one of the ports. The blocked port acts as the backup.
•
Edge port—Does not connect to any network device or network segment, but directly connects to a user host.
• Master port—Serves as a port on the shortest path from the local MST region to the common root bridge. The master port is not always located on the regional root. It is a root port on the IST or CIST and still a master port on the other MSTIs.
•
Boundary port—Connects an MST region to another MST region or to an STP/RSTP-running device.
In MSTP calculation, a boundary port's role on an MSTI is consistent with its role on the CIST. But that is not true with master ports. A master port on MSTIs is a root port on the CIST.
Port states
In MSTP, a port can be in one of the following states:
74
• Forwarding—The port receives and sends BPDUs, learns MAC addresses, and forwards user traffic.
•
Learning—The port receives and sends BPDUs, learns MAC addresses, but does not forward user traffic. Learning is an intermediate port state.
• Discarding—The port receives and sends BPDUs, but does not learn MAC addresses or forward user traffic.
NOTE:
When in different MSTIs, a port can be in different states.
A port state is not exclusively associated with a port role. Table 8
lists the port states that each port role supports. (A check mark [√] indicates that the port supports this state, while a dash [—] indicates that the port does not support this state.)
Table 8 Port states that different port roles support
Port role (right)
Port state (below)
Forwarding
Learning
Discarding
Root port/master port
√
√
√
Designated port Alternate port
Backup port
√ — —
√ — —
√ √ √
How MSTP works
MSTP divides an entire Layer 2 network into multiple MST regions, which are connected by a calculated
CST. Inside an MST region, multiple spanning trees, called MSTIs, are calculated. Among these MSTIs,
MSTI 0 is the IST.
Like STP, MSTP uses configuration BPDUs to calculate spanning trees. An important difference is that an
MSTP BPDU carries the MSTP configuration of the bridge from which the BPDU is sent.
CIST calculation
The calculation of a CIST tree is also the process of configuration BPDU comparison. During this process, the device with the highest priority is elected as the root bridge of the CIST. MSTP generates an IST within each MST region through calculation. At the same time, MSTP regards each MST region as a single device and generates a CST among these MST regions through calculation. The CST and ISTs constitute the CIST of the entire network.
MSTI calculation
Within an MST region, MSTP generates different MSTIs for different VLANs based on the
VLAN-to-instance mappings. For each spanning tree, MSTP performs a separate calculation process
In MSTP, a VLAN packet is forwarded along the following paths:
•
Within an MST region, the packet is forwarded along the corresponding MSTI.
• Between two MST regions, the packet is forwarded along the CST.
75
MSTP implementation on devices
MSTP is compatible with STP and RSTP. Devices that are running MSTP and that are used for spanning tree calculation can identify STP and RSTP protocol packets.
In addition to basic MSTP functions, the following functions are provided for ease of management:
•
Root bridge hold
•
Root bridge backup
• Root guard
• BPDU guard
•
Loop guard
•
TC-BPDU guard
• Port role restriction
•
TC-BPDU transmission restriction
•
Support for hot swapping of interface cards
Protocols and standards
MSTP is documented in the following protocols and standards:
•
IEEE 802.1d, Media Access Control (MAC) Bridges
• IEEE 802.1w, Part 3: Media Access Control (MAC) Bridges—Amendment 2: Rapid Reconfiguration
• IEEE 802.1s, Virtual Bridged Local Area Networks—Amendment 3: Multiple Spanning Trees
•
IEEE 802.1Q-REV/D1.3, Media Access Control (MAC) Bridges and Virtual Bridged Local Area
Networks —Clause 13: Spanning tree Protocols
Spanning tree configuration task lists
Before configuring a spanning tree, you must determine the spanning tree protocol to be used (STP, RSTP, or MSTP) and plan the device roles (the root bridge or leaf node).
Configuration restrictions and guidelines
When you configure the spanning tree feature, follow these restrictions and guidelines:
• Configurations made in system view take effect globally. Configurations made in Ethernet interface view or WLAN mesh interface view take effect on the interface only. Configurations made in Layer
2 aggregate interface view take effect only on the aggregate interface. Configurations made on an aggregation member port can take effect only after the port is removed from the aggregation group.
• After you enable a spanning tree protocol on a Layer 2 aggregate interface, the system performs spanning tree calculation on the Layer 2 aggregate interface, but not on the aggregation member ports. The spanning tree protocol enable state and forwarding state of each selected member port is consistent with those of the corresponding Layer 2 aggregate interface.
76
• Though the member ports of an aggregation group do not participate in spanning tree calculation, the ports still reserve their spanning tree configurations for participating in spanning tree calculation after leaving the aggregation group.
STP configuration task list
Tasks at a glance
Configuring the root bridge:
•
(Required.)
Setting the spanning tree mode
•
(Optional.) Configuring the root bridge or a secondary root bridge
•
(Optional.) Configuring the device priority
•
(Optional.) Configuring the network diameter of a switched network
•
(Optional.) Configuring spanning tree timers
•
(Optional.) Configuring the timeout factor
•
(Optional.) Configuring the BPDU transmission rate
•
(Optional.) Enabling outputting port state transition information
•
(Required.)
Enabling the spanning tree feature
Configuring the leaf nodes:
•
(Required.)
Setting the spanning tree mode
•
(Optional.) Configuring the device priority
•
(Optional.) Configuring the timeout factor
•
(Optional.) Configuring the BPDU transmission rate
•
(Optional.) Configuring path costs of ports
•
(Optional.) Configuring the port priority
•
(Optional.) Enabling outputting port state transition information
•
(Required.)
Enabling the spanning tree feature
(Optional.) Configuring protection functions
RSTP configuration task list
Tasks at a glance
Configuring the root bridge:
•
(Required.)
Setting the spanning tree mode
•
(Optional.) Configuring the root bridge or a secondary root bridge
•
(Optional.) Configuring the device priority
•
(Optional.) Configuring the network diameter of a switched network
•
(Optional.) Configuring spanning tree timers
•
(Optional.) Configuring the timeout factor
•
(Optional.) Configuring the BPDU transmission rate
•
(Optional.) Configuring edge ports
•
(Optional.) Configuring the port link type
•
(Optional.) Enabling outputting port state transition information
•
(Required.)
Enabling the spanning tree feature
77
Tasks at a glance
Configuring the leaf nodes:
•
(Required.)
Setting the spanning tree mode
•
(Optional.) Configuring the device priority
•
(Optional.) Configuring the timeout factor
•
(Optional.) Configuring the BPDU transmission rate
•
(Optional.) Configuring edge ports
•
(Optional.) Configuring path costs of ports
•
(Optional.) Configuring the port priority
•
(Optional.) Configuring the port link type
•
(Optional.) Enabling outputting port state transition information
•
(Required.)
Enabling the spanning tree feature
(Optional.) Configuring protection functions
MSTP configuration task list
Tasks at a glance
Configuring the root bridge:
•
(Required.)
Setting the spanning tree mode
•
(Required.)
•
(Optional.) Configuring the root bridge or a secondary root bridge
•
(Optional.) Configuring the device priority
•
(Optional.) Configuring the maximum hops of an MST region
•
(Optional.) Configuring the network diameter of a switched network
•
(Optional.) Configuring spanning tree timers
•
(Optional.) Configuring the timeout factor
•
(Optional.) Configuring the BPDU transmission rate
•
(Optional.) Configuring edge ports
•
(Optional.) Configuring the port link type
•
(Optional.) Configuring the mode a port uses to recognize and send MSTP packets
•
(Optional.) Enabling outputting port state transition information
•
(Required.)
Enabling the spanning tree feature
78
Tasks at a glance
Configuring the leaf nodes:
•
(Required.)
Setting the spanning tree mode
•
(Required.)
•
(Optional.) Configuring the device priority
•
(Optional.) Configuring the timeout factor
•
(Optional.) Configuring the BPDU transmission rate
•
(Optional.) Configuring edge ports
•
(Optional.) Configuring path costs of ports
•
(Optional.) Configuring the port priority
•
(Optional.) Configuring the port link type
•
(Optional.) Configuring the mode a port uses to recognize and send MSTP packets
•
(Optional.) Enabling outputting port state transition information
•
(Required.)
Enabling the spanning tree feature
(Optional.) Configuring Digest Snooping
(Optional.) Configuring No Agreement Check
(Optional.) Configuring protection functions
Setting the spanning tree mode
The spanning tree modes include:
•
STP mode—All ports of the device send STP BPDUs. Select this mode when the peer device of a port supports only STP.
• RSTP mode—All ports of the device send RSTP BPDUs. A port in this mode automatically transits to the STP mode when it receives STP BPDUs from the peer device, and a port in this mode does not transit to the MSTP mode when it receives MSTP BPDUs from the peer device.
•
MSTP mode—All ports of the device send MSTP BPDUs. A port in this mode automatically transits to the STP mode when receiving STP BPDUs from the peer device, and a port in this mode does not transit to the RSTP mode when receiving RSTP BPDUs from the peer device.
MSTP mode is compatible with RSTP mode, and RSTP mode is compatible with STP mode.
To set the spanning tree mode:
Step Command Remarks
1. Enter system view. system-view N/A
2. Set the spanning tree mode. stp mode { mstp | rstp | stp }
The default setting is the
MSTP mode.
Configuring an MST region
Two or more spanning tree devices belong to the same MST region only if they are configured to have the same format selector (0 by default, not configurable), MST region name, MST region revision level, and
79
the same VLAN-to-instance mapping entries in the MST region, and they are connected through a physical link.
The configuration of MST region-related parameters (especially the VLAN-to-instance mapping table) might cause MSTP to begin a new spanning tree calculation. To reduce the possibility of topology instability, the MST region configuration takes effect only after you activate it by using the active region-configuration command, or enable a spanning tree protocol by using the stp global enable command if the spanning tree protocol is disabled.
To configure an MST region:
1. Enter system view.
2. Enter MST region view.
3. Configure the MST region name.
4. Configure the
VLAN-to-instance mapping table. system-view stp region-configuration region-name name
• instance instance-id vlan
vlan-id-list
• vlan-mapping modulo modulo
N/A
N/A
The default setting is the MAC address.
Use one of the commands.
By default, all VLANs in an MST region are mapped to the CIST (or
MSTI 0).
5. Configure the MSTP revision level of the MST region.
6. (Optional.) Display the MST region configurations that are not activated yet.
7. Manually activate MST region configuration.
8. (Optional.) Display the activated configuration information of the MST region. revision-level level check region-configuration active region-configuration display stp region-configuration
The default setting is 0.
N/A
N/A
Available in any view.
Configuring the root bridge or a secondary root bridge
You can have the spanning tree protocol determine the root bridge of a spanning tree through MSTP calculation, or you can specify the current device as the root bridge or as a secondary root bridge.
A device has independent roles in different spanning trees. It can act as the root bridge in one spanning tree and as a secondary root bridge in another. However, one device cannot be the root bridge and a secondary root bridge in the same spanning tree.
A spanning tree can have only one root bridge. If two or more devices are selected as the root bridge in a spanning tree at the same time, the device with the lowest MAC address is chosen.
When the root bridge of an instance fails or is shut down, the secondary root bridge (if you have specified one) becomes the root bridge if you have not specified a new root bridge. If you specify multiple secondary root bridges for an instance, the secondary root bridge with the lowest MAC address is given priority.
80
You can specify one root bridge for each spanning tree, regardless of the device priority settings. Once you specify a device as the root bridge or a secondary root bridge, you cannot change its priority.
You can configure the current device as the root bridge by setting the device priority to 0. For the device priority configuration, see "
Configuring the device priority ."
Configuring the current device as the root bridge of a specific spanning tree
Step Command
1. Enter system view.
2. Configure the current device as the root bridge. system-view
•
In STP/RSTP mode: stp root primary
•
In MSTP mode: stp [ instance instance-list ] root primary
Remarks
N/A
By default, a device does not function as the root bridge.
Configuring the current device as a secondary root bridge of a specific spanning tree
Step Command Remarks
1. Enter system view.
2. Configure the current device as a secondary root bridge. system-view
•
In STP/RSTP mode: stp root secondary
•
In MSTP mode: stp [ instance instance-list ] root secondary
N/A
By default, a device does not function as a secondary root bridge.
Configuring the device priority
Device priority is a factor in calculating the spanning tree. The priority of a device determines whether the device can be elected as the root bridge of a spanning tree. A lower value indicates a higher priority.
You can set the priority of a device to a low value to specify the device as the root bridge of the spanning tree. A spanning tree device can have different priorities in different MSTIs.
During root bridge selection, if all devices in a spanning tree have the same priority, the one with the lowest MAC address is selected as the root bridge of the spanning tree. You cannot change the priority of a device after it is configured as the root bridge or as a secondary root bridge.
To configure the priority of a device in a specified MSTI:
Step Command
1. Enter system view. system-view
Remarks
N/A
81
Step Command
2. Configure the priority of the current device.
•
In STP/RSTP mode: stp priority priority
•
In MSTP mode: stp [ instance instance-list ] priority
priority
Remarks
The default setting is 32768.
Configuring the maximum hops of an MST region
Restrict the region size by setting the maximum hops of an MST region. The hop limit configured on the regional root bridge is used as the hop limit for the MST region.
Configuration BPDUs sent by the regional root bridge always have a hop count set to the maximum value.
When a device receives this configuration BPDU, it decrements the hop count by one, and uses the new hop count in the BPDUs that it propagates. When the hop count of a BPDU reaches zero, it is discarded by the device that received it. Devices beyond the reach of the maximum hop can no longer participate in spanning tree calculations, so the size of the MST region is limited.
Make this configuration only on the root bridge. All other devices in the MST region use the maximum hop value set for the root bridge.
To configure the maximum number of hops of an MST region:
1. Enter system view.
2. Configure the maximum hops of the MST region. system-view stp max-hops hops
N/A
The default setting is 20.
Configuring the network diameter of a switched network
Any two terminal devices in a switched network are connected through a specific path composed of a series of devices. The network diameter is the number of devices on the path composed of the most devices. The network diameter is a parameter that indicates the network size. A bigger network diameter indicates a larger network size.
Based on the network diameter you configured, the system automatically sets an optimal hello time, forward delay, and max age for the device. Each MST region is considered a device and the configured network diameter is effective only on the CIST (or the common root bridge) but not on other MSTIs.
To configure the network diameter of a switched network:
Step Command Remarks
1. Enter system view.
2. Configure the network diameter of the switched network. system-view stp bridge-diameter diameter
N/A
The default setting is 7.
82
Configuring spanning tree timers
The following timers are used for spanning tree calculation:
• Forward delay—Delay time for port state transition. To prevent temporary loops on a network, the spanning tree feature sets an intermediate port state (the learning state) before it transits from the discarding state to the forwarding state. The feature also requires that the port transit its state after a forward delay timer to make sure the state transition of the local port stays synchronized with the peer.
•
Hello time—Interval at which the device sends configuration BPDUs to detect link failures. If the device receives no configuration BPDUs within the timeout time, it recalculates the spanning tree.
(Timeout time = timeout factor × 3 × hello time.)
• Max age—In the CIST of an MSTP network, the device uses the max age timer to determine if a configuration BPDU received by a port has expired. If it has, a new spanning tree calculation process starts. The max age timer does not take effect on other MSTIs except the CIST.
To avoid frequent network changes, make sure the timer settings meet the following formulas:
• 2 × (forward delay – 1 second) ≥ max age
•
Max age ≥ 2 × (hello time + 1 second)
HP recommends not manually setting the spanning tree timers. HP recommends specifying the network diameter and letting spanning tree protocols automatically calculate the timers based on the network diameter. If the network diameter uses the default value, the timers also use their default values.
Configure the timers only on the root bridge. The timer settings on the root bridge apply to all devices on the entire switched network.
Configuration restrictions and guidelines
When you configure spanning tree timers, follow these restrictions and guidelines:
• The length of the forward delay timer is related to the network diameter of the switched network. The larger the network diameter is, the longer the forward delay time should be. If the forward delay timer is too short, temporary redundant paths might occur. If the forward delay timer is too long, network convergence might take a long time. HP recommends using the default setting.
• An appropriate hello time setting enables the device to promptly detect link failures on the network without using excessive network resources. If the hello time is too long, the device mistakes packet loss for a link failure and triggers a new spanning tree calculation process. If the hello time is too short, the device frequently sends the same configuration BPDUs, which waste device and network resources. HP recommends using the default setting.
•
If the max age timer is too short, the device frequently begins spanning tree calculations and might mistake network congestion as a link failure. If the max age timer is too long, the device might fail to promptly detect link failures and quickly launch spanning tree calculations, reducing the auto-sensing capability of the network. HP recommends using the default setting.
Configuration procedure
To configure the spanning tree timers:
83
1. Enter system view.
2. Configure the forward delay timer. system-view stp timer forward-delay
time
N/A
The default setting is 15 seconds.
3. Configure the hello timer. stp timer hello time
The default setting is 2 seconds.
4. Configure the max age timer. stp timer max-age time The default setting is 20 seconds.
Configuring the timeout factor
The timeout factor is a parameter used to decide the timeout time, in the following formula: Timeout time
= timeout factor × 3 × hello time.
After the network topology is stabilized, each non-root-bridge device forwards configuration BPDUs to the downstream devices at the hello interval to detect link failures. If a device does not receive a BPDU from the upstream device within nine times the hello time, it assumes that the upstream device has failed and starts a new spanning tree calculation process.
Sometimes a device might fail to receive a BPDU from the upstream device because the upstream device is busy. If a spanning tree calculation occurs, the calculation can fail and also waste network resources.
On a stable network, you can prevent undesired spanning tree calculations by setting the timeout factor to 5, 6, or 7.
To configure the timeout factor:
1. Enter system view.
2. Configure the timeout factor of the device. system-view stp timer-factor factor
N/A
The default setting is 3.
Configuring the BPDU transmission rate
The maximum number of BPDUs a port can send within each hello time equals the BPDU transmission rate plus the hello timer value. Configure an appropriate BPDU transmission rate based on the physical status of the port and the network structure.
The higher the BPDU transmission rate, the more BPDUs are sent within each hello time, and the more system resources are used. By setting an appropriate BPDU transmission rate, you can limit the rate at which the port sends BPDUs and prevent spanning tree protocols from using excessive network resources when the network topology changes. HP recommends using the default setting.
To configure the BPDU transmission rate:
Step Command Remarks
1. Enter system view. system-view N/A
84
Step Command Remarks
2. Enter Layer 2 Ethernet or aggregate interface view. interface interface-type interface-number
3. Configure the BPDU transmission rate of the ports. stp transmit-limit limit
N/A
The default setting is 10.
Configuring edge ports
If a port directly connects to a user terminal rather than another device or a shared LAN segment, this port is regarded as an edge port. When network topology change occurs, an edge port will not cause a temporary loop. Because a device does not determine whether a port is directly connected to a terminal, you must manually configure the port as an edge port. After that, the port can rapidly transit from the blocked state to the forwarding state.
Configuration restrictions and guidelines
When you configure edge ports, follow these restrictions and guidelines:
•
If BPDU guard is disabled, a port set as an edge port becomes a non-edge port again if it receives a BPDU from another port. To restore the edge port, re-enable it.
• If a port directly connects to a user terminal, configure it as an edge port and enable BPDU guard for it. This enables the port to quickly transit to the forwarding state when ensuring network security.
•
On a port, the loop guard function and the edge port setting are mutually exclusive.
Configuration procedure
To specify a port as an edge port:
Step Command Remarks
1. Enter system view.
2. Enter Layer 2 Ethernet or aggregate interface view.
3. Configure the current ports as edge ports. system-view interface interface-type interface-number N/A stp edged-port
N/A
By default, all ports are non-edge ports.
Configuring path costs of ports
Path cost is a parameter related to the rate of a port. On a spanning tree device, a port can have different path costs in different MSTIs. Setting appropriate path costs allows VLAN traffic flows to be forwarded along different physical links, achieving VLAN-based load balancing.
You can have the device automatically calculate the default path cost, or you can configure the path cost for ports.
85
Specifying a standard for the device to use when it calculates the default path cost
CAUTION:
If you change the standard that the device uses to calculate the default path costs, you restore the path costs to the default.
You can specify a standard for the device to use in automatic calculation for the default path cost. The device supports the following standards:
• dot1d-1998—The device calculates the default path cost for ports based on IEEE 802.1d-1998.
• dot1t—The device calculates the default path cost for ports based on IEEE 802.1t.
• legacy—The device calculates the default path cost for ports based on a private standard.
shows the mapping between the link speed and the path cost.
Table 9 Mappings between the link speed and the path cost
Link speed Port type
Path cost
IEEE
802.1d-1998
0 N/A
Single port
Aggregate interface containing 2 Selected ports
10 Mbps
Aggregate interface containing 3 Selected ports
Aggregate interface containing 4 Selected ports
Single port
100 Mbps
1000 Mbps
10 Gbps
Aggregate interface containing 2 Selected ports
Aggregate interface containing 3 Selected ports
Aggregate interface containing 4 Selected ports
Single port
Aggregate interface containing 2 Selected ports
Aggregate interface containing 3 Selected ports
Aggregate interface containing 4 Selected ports
Single port
100
19
4
2
IEEE 802.1t
2000000 2000
1000000 1800
666666 1600
500000 1400
200000 200
100000 180
66666 160
50000 140
20000 20
10000 18
6666 16
5000 14
2000
Private standard
2
86
Link speed Port type
Path cost
IEEE
802.1d-1998
IEEE 802.1t Private standard
Aggregate interface containing 2 Selected ports
1000 1
Aggregate interface containing 3 Selected ports
Aggregate interface containing 4 Selected ports
Configuration restrictions and guidelines
666 1
500 1
When you specify a standard for the device to use when it calculates the default path cost, follow these restrictions and guidelines:
•
When it calculates the path cost for an aggregate interface, IEEE 802.1t takes into account the number of Selected ports in its aggregation group, but IEEE 802.1d-1998 does not. The calculation formula of IEEE 802.1t is: Path cost = 200,000,000/link speed (in 100 kbps), where link speed is the sum of the link speed values of the Selected ports in the aggregation group.
•
IEEE 802.1d-1998 or the private standard always assigns the smallest possible value to a single port or an aggregate interface when the link speed of the port or interface exceeds 10 Gbps. The forwarding path selected based on this criterion might not be the best one. To solve this problem, use dot1t as the standard for default path cost calculation, or manually set the path cost for the port
(see "
Configuring path costs of ports ").
Configuration procedure
To specify a standard for the device to use when it calculates the default path cost:
1. Enter system view.
2. Specify a standard for the device to use when it calculates the default path costs of its ports. system-view stp pathcost-standard
{ dot1d-1998 | dot1t | legacy }
Configuring path costs of ports
N/A
The default setting is legacy.
Step Command Remarks
1. Enter system view.
2. Enter Layer 2 Ethernet or aggregate interface view. system-view N/A interface interface-type interface-number N/A
3. Configure the path cost of the ports.
•
In STP/RSTP mode: stp cost cost
•
In MSTP mode: stp [ instance instance-list ] cost cost
By default, the system automatically calculates the path cost of each port.
87
NOTE:
When the path cost of a port changes, the system re-calculates the role of the port and initiates a state transition.
Configuration example
# In MSTP mode, configure the device to calculate the default path costs of its ports by using IEEE
802.1d-1998, and set the path cost of FortyGigE 1/0/3 to 200 on MSTI 2.
<Sysname> system-view
[Sysname] stp pathcost-standard dot1d-1998
Cost of every port will be reset and automatically re-calculated after you change the current pathcost standard. Continue?[Y/N]:y
Cost of every port has been re-calculated.
[Sysname] interface fortygige 1/0/3
[Sysname-FortyGigE1/0/3] stp instance 2 cost 200
Configuring the port priority
The priority of a port is a factor that determines whether the port can be elected as the root port of a device. If all other conditions are the same, the port with the highest priority is elected as the root port.
On a spanning tree device, a port can have different priorities and play different roles in different spanning trees, so that data of different VLANs can be propagated along different physical paths, implementing per-VLAN load balancing. You can set port priority values based on the actual networking requirements.
To configure the priority of a port:
Step Command Remarks
1. Enter system view.
2. Enter Layer 2 Ethernet or aggregate interface view. system-view interface interface-type interface-number
N/A
N/A
3. Configure the port priority.
•
In STP/RSTP mode: stp port priority priority
•
In MSTP mode: stp [ instance instance-list ] port priority
priority
The default setting is 128 for all ports.
NOTE:
When the priority of a port changes, the system re-calculates the port role and initiates a state transition.
Configuring the port link type
A point-to-point link directly connects two devices. If two root ports or designated ports are connected over a point-to-point link, they can rapidly transit to the forwarding state after a proposal-agreement handshake process.
88
Configuration restrictions and guidelines
When you configure the port link type, follow these restrictions and guidelines:
• You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that operates in full duplex mode. HP recommends using the default setting and letting the device automatically detect the port link type.
•
The stp point-to-point force-false or stp point-to-point force-true command configured on a port in
MSTP mode is effective on all MSTIs.
• If you configure a non-point-to-point link as a point-to-point link, the configuration might cause a temporary loop.
Configuration procedure
To configure the link type of a port:
1. Enter system view.
2. Enter Layer 2 Ethernet or aggregate interface view.
3. Configure the port link type. system-view interface interface-type
interface-number
N/A
N/A stp point-to-point { auto | force-false
| force-true }
By default, the link type is auto where the port automatically detects the link type.
Configuring the mode a port uses to recognize and send MSTP packets
A port can receive and send MSTP packets in the following formats:
• dot1s—802.1s-compliant standard format
• legacy—Compatible format
When the number of existing MSTIs exceeds 48, the port can send only 802.1s MSTP packets.
By default, the packet format recognition mode of a port is auto. The port automatically distinguishes the two MSTP packet formats, and determines the format of packets that it will send based on the recognized format.
You can configure the MSTP packet format on a port. When operating in MSTP mode after the configuration, the port sends only MSTP packets of the format that you have configured to communicate with devices that send packets of the same format.
A port in auto mode sends 802.1s MSTP packets by default. When the port receives an MSTP packet of a legacy format, the port starts to send packets only of the legacy format. This prevents the port from frequently changing the format of sent packets. To configure the port to send 802.1s MSTP packets, shut down and then bring up the port.
To configure the MSTP packet format to be supported on a port:
89
Step Command Remarks
1. Enter system view.
2. Enter Layer 2 Ethernet or aggregate interface view.
3. Configure the mode that the port uses to recognize/send
MSTP packets. system-view N/A interface interface-type interface-number N/A stp compliance { auto | dot1s | legacy } The default setting is auto.
Enabling outputting port state transition information
In a large-scale spanning tree network, you can enable devices to output the port state transition information of all MSTIs or the specified MSTI in order to monitor the port states in real time.
To enable outputting port state transition information:
Step Command Remarks
1. Enter system view.
2. Enable outputting port state transition information. system-view
•
In STP/RSTP mode: stp port-log instance 0
•
In MSTP mode: stp port-log { all | instance
instance-list }
N/A
By default, this function is enabled.
Enabling the spanning tree feature
You must enable the spanning tree feature for the device before any other spanning tree related configurations can take effect. Make sure the spanning tree feature is enabled globally and on the desired ports.
You can disable the spanning tree feature for certain ports with the undo stp enable command to exclude them from spanning tree calculation and save CPU resources of the device.
To enable the spanning tree feature:
1. Enter system view. system-view
2. Enable the spanning tree feature globally. stp global enable
N/A
•
If the device starts up with the initial settings, by default the spanning tree feature is disabled globally.
•
If the device starts up with the factory defaults, by default the spanning tree feature is enabled globally.
For more information about the startup configuration, see Fundamentals Configuration
Guide.
90
3. Enter Layer 2 Ethernet or aggregate interface view.
4. (Optional.) Enable the spanning tree feature for the port. interface interface-type
interface-number
stp enable
Performing mCheck
N/A
By default, the spanning tree feature is enabled on all ports.
The mCheck feature enables user intervention in the port status transition process.
If a port on a device that is running MSTP or RSTP connects to an STP device, this port automatically transits to STP mode when the port receives STP BPDUs. However, if the peer STP device is shut down or removed and the local device cannot detect the change, the local device cannot automatically transit back to the original mode. To forcibly transit the port to operate in the original mode, you can perform an mCheck operation.
Suppose a scenario where Device A, Device B, and Device C are connected in sequence. Device A runs
STP, Device B does not run any spanning tree protocol, and Device C runs RSTP or MSTP. In this case, when Device C receives an STP BPDU transparently transmitted by Device B, the receiving port transits to the STP mode. If you configure Device B to run RSTP or MSTP with Device C, you must perform mCheck operations on the ports interconnecting Device B and Device C.
The following methods for performing mCheck produce the same result.
Performing mCheck globally
Step Command
1. Enter system view. system-view
2. Perform mCheck. stp global mcheck
Performing mCheck in interface view
Step Command
1. Enter system view. system-view
2. Enter Layer 2 Ethernet or aggregate interface view. interface interface-type interface-number
3. Perform mCheck. stp mcheck
NOTE:
An mCheck operation takes effect on a device that operates in MSTP or RSTP mode.
91
Configuring Digest Snooping
As defined in IEEE 802.1s, connected devices are in the same region only when their MST region-related configurations (region name, revision level, and VLAN-to-instance mappings) are identical. A spanning tree device identifies devices in the same MST region by determining the configuration ID in BPDU packets. The configuration ID includes the region name, revision level, and configuration digest, which is
16-byte long and is the result calculated through the HMAC-MD5 algorithm based on VLAN-to-instance mappings.
Because spanning tree implementations vary by vendor, the configuration digests calculated through private keys are different. The devices of different vendors in the same MST region cannot communicate with each other.
To enable communication between an HP device and a third-party device, enable the Digest Snooping feature on the port that connects the HP device to the third-party device in the same MST region.
Configuration restrictions and guidelines
When you configure Digest Snooping, follow these restrictions and guidelines:
•
Before you enable Digest Snooping, make sure associated devices of different vendors are connected and run spanning tree protocols.
• With Digest Snooping enabled, in-the-same-region verification does not require comparison of configuration digest, so the VLAN-to-instance mappings must be the same on associated ports.
•
With Digest Snooping enabled globally, modify the VLAN-to-instance mappings or execute the undo stp region-configuration command to restore the default MST region configuration with caution. If the local device has different VLAN-to-instance mappings than its neighboring devices, loops or traffic interruption occurs.
•
To make Digest Snooping take effect, you must enable Digest Snooping both globally and on associated ports. HP recommends that you enable Digest Snooping on all associated ports first and then enable it globally. This will make the configuration take effect on all configured ports and reduce impact on the network.
•
To prevent loops, do not enable Digest Snooping on MST region edge ports.
• HP recommends that you enable Digest Snooping first and then the spanning tree feature. To avoid traffic interruption, do not configure Digest Snooping when the network is already working well.
Configuration procedure
You can enable Digest Snooping only on the HP device that is connected to a third-party device that uses its private key to calculate the configuration digest.
To configure Digest Snooping:
Step Command
1. Enter system view.
2. Enter Layer 2 Ethernet or aggregate interface view. system-view interface interface-type
interface-number
Remarks
N/A
N/A
92
Step Command
3. Enable Digest Snooping on the interface. stp config-digest-snooping
Remarks
By default, Digest Snooping is disabled on ports.
4.
Return to system view.
5. Enable Digest Snooping globally. quit stp global config-digest-snooping
Digest Snooping configuration example
N/A
By default, Digest Snooping is disabled globally.
Network requirements
As shown in
, Device A and Device B connect to Device C, which is a third-party device. All these devices are in the same region.
Enable Digest Snooping on the ports of Device A and Device B that connect to Device C, so that the three devices can communicate with one another.
Figure 23 Network diagram
MST region
Device C
(Root bridge)
FGE1/0/1
FGE1/0/1 FGE1/0/2
FGE1/0/1
Root port
Designated port
Blocked port
Normal link
Blocked link
FGE1/0/2 FGE1/0/2
Device A Device B
Configuration procedure
# Enable Digest Snooping on FortyGigE 1/0/1 of Device A and enable global Digest Snooping on
Device A.
<DeviceA> system-view
[DeviceA] interface fortygige 1/0/1
[DeviceA-FortyGigE1/0/1] stp config-digest-snooping
[DeviceA-FortyGigE1/0/1] quit
[DeviceA] stp global config-digest-snooping
# Enable Digest Snooping on FortyGigE 1/0/1 of Device B and enable global Digest Snooping on
Device B.
<DeviceB> system-view
[DeviceB] interface fortygige 1/0/1
[DeviceB-FortyGigE1/0/1] stp config-digest-snooping
93
[DeviceB-FortyGigE1/0/1] quit
[DeviceB] stp global config-digest-snooping
Configuring No Agreement Check
In RSTP and MSTP, the following types of messages are used for rapid state transition on designated ports:
•
Proposal—Sent by designated ports to request rapid transition
•
Agreement—Used to acknowledge rapid transition requests
Both RSTP and MSTP devices can perform rapid transition on a designated port only when the port receives an agreement packet from the downstream device. RSTP and MSTP devices have the following differences:
•
For MSTP, the root port of the downstream device sends an agreement packet only after it receives an agreement packet from the upstream device.
• For RSTP, the downstream device sends an agreement packet regardless of whether an agreement packet from the upstream device is received.
Figure 24 Rapid state transition of an MSTP designated port
Figure 25 Rapid state transition of an RSTP designated port
If the upstream device is a third-party device, the rapid state transition implementation might be limited.
For example, when the upstream device uses a rapid transition mechanism similar to that of RSTP, and the downstream device adopts MSTP and does not operate in RSTP mode, the root port on the downstream
94
device receives no agreement packet from the upstream device and sends no agreement packets to the upstream device. As a result, the designated port of the upstream device fails to transit rapidly, and can only change to the forwarding state after a period twice the Forward Delay.
You can enable the No Agreement Check feature on the downstream device's port to enable the designated port of the upstream device to transit its state rapidly.
Configuration prerequisites
Before you configure the No Agreement Check function, complete the following tasks:
•
Connect a device to a third-party upstream device that supports spanning tree protocols through a point-to-point link.
•
Configure the same region name, revision level and VLAN-to-instance mappings on the two devices, assigning them to the same region.
Configuration procedure
Enable the No Agreement Check feature on the root port.
To configure No Agreement Check:
Step Command Remarks
1. Enter system view.
2. Enter Layer 2 Ethernet or aggregate interface view.
3. Enable No Agreement
Check. system-view interface interface-type interface-number stp no-agreement-check
N/A
N/A
By default, No Agreement
Check is disabled.
No Agreement Check configuration example
Network requirements
As shown in
:
•
Device A connects to a third-party device that has a different spanning tree implementation. Both devices are in the same region.
• The third-party device (Device B) is the regional root bridge, and Device A is the downstream device.
Figure 26 Network diagram
95
Configuration procedure
# Enable No Agreement Check on FortyGigE 1/0/1 of Device A.
<DeviceA> system-view
[DeviceA] interface fortygige 1/0/1
[DeviceA-FortyGigE1/0/1] stp no-agreement-check
Configuring protection functions
A spanning tree device supports the following protection functions:
•
BPDU guard
•
Root guard
• Loop guard
•
Port role restriction
•
TC-BPDU transmission restriction
•
TC-BPDU guard
Enabling BPDU guard
For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file servers. The access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system automatically sets the ports as non-edge ports and starts a new spanning tree calculation process. This causes a change of network topology. Under normal conditions, these ports should not receive configuration BPDUs. However, if someone forges configuration BPDUs maliciously to attack the devices, the network will become unstable.
The spanning tree protocol provides the BPDU guard function to protect the system against such attacks.
With the BPDU guard function enabled on the devices, when edge ports receive configuration BPDUs, the system closes these ports and notifies the NMS that these ports have been closed by the spanning tree protocol. The device reactivates the closed ports after a detection interval. For more information about this detection interval, see Fundamentals Configuration Guide.
BPDU guard does not take effect on loopback-testing-enabled ports. For more information about loopback testing, see "
Configuring Ethernet interfaces ."
Configure BPDU guard on a device with edge ports configured.
To enable BPDU guard:
1. Enter system view.
2. Enable the BPDU guard function for the device.
Enabling root guard
system-view stp bpdu-protection
N/A
By default, BPDU guard is disabled.
The root bridge and secondary root bridge of a spanning tree should be located in the same MST region.
Especially for the CIST, the root bridge and secondary root bridge are put in a high-bandwidth core
96
region during network design. However, due to possible configuration errors or malicious attacks in the network, the legal root bridge might receive a configuration BPDU with a higher priority. Another device supersedes the current legal root bridge, causing an undesired change of the network topology. The traffic that should go over high-speed links is switched to low-speed links, resulting in network congestion.
To prevent this situation, MSTP provides the root guard function. If the root guard function is enabled on a port of a root bridge, this port plays the role of designated port on all MSTIs. After this port receives a configuration BPDU with a higher priority from an MSTI, it immediately sets that port to the listening state in the MSTI, without forwarding the packet. This is equivalent to disconnecting the link connected with this port in the MSTI. If the port receives no BPDUs with a higher priority within twice the forwarding delay, it reverts to its original state.
On a port, the loop guard function and the root guard function are mutually exclusive.
Configure root guard on a designated port.
To enable root guard:
Step Command Remarks
1. Enter system view.
2. Enter Layer 2 Ethernet or aggregate interface view.
3. Enable the root guard function. system-view interface interface-type interface-number stp root-protection
N/A
N/A
By default, root guard is disabled.
Enabling loop guard
By continuing to receive BPDUs from the upstream device, a device can maintain the state of the root port and blocked ports. However, link congestion or unidirectional link failures might cause these ports to fail to receive BPDUs from the upstream devices. The device reselects the port roles: Those ports in forwarding state that failed to receive upstream BPDUs become designated ports, and the blocked ports transit to the forwarding state, resulting in loops in the switched network. The loop guard function can suppress the occurrence of such loops.
The initial state of a loop guard-enabled port is discarding in every MSTI. When the port receives BPDUs, it transits its state. Otherwise, it stays in the discarding state to prevent temporary loops.
Do not enable loop guard on a port that connects user terminals. Otherwise, the port stays in the discarding state in all MSTIs because it cannot receive BPDUs.
On a port, the loop guard function is mutually exclusive with the root guard function or the edge port setting.
Configure loop guard on the root port and alternate ports of a device.
To enable loop guard:
Step Command Remarks
1. Enter system view.
2. Enter Layer 2 Ethernet or aggregate interface view. system-view interface interface-type interface-number
N/A
N/A
97
Step Command Remarks
3. Enable the loop guard function for the ports. stp loop-protection
By default, loop guard is disabled.
Configuring port role restriction
CAUTION:
Use this feature with caution, because enabling port role restriction on a port might affect the connectivity of the spanning tree topology.
The change to the bridge ID of a device in the user access network might cause a change to the spanning tree topology in the core network. To avoid this problem, you can enable port role restriction on a port.
With this feature enabled, when the port receives a superior BPDU, it becomes an alternate port rather than a root port.
Make this configuration on the port that connects to the user access network.
To configure port role restriction:
Step
1. Enter system view.
2. Enter Layer 2 Ethernet or aggregate interface view.
3.
Enable port role restriction.
Command system-view N/A interface interface-type
interface-number
stp role-restriction
Remarks
N/A
By default, port role restriction is disabled.
Configuring TC-BPDU transmission restriction
CAUTION:
Enabling TC-BPDU transmission restriction on a port might cause the previous forwarding address table to fail to be updated when the topology changes.
The topology change to the user access network might cause the forwarding address changes to the core network. When the user access network topology is unstable, the user access network might affect the core network. To avoid this problem, you can enable TC-BPDU transmission restriction on a port. With this feature enabled, when the port receives a TC-BPDU, it does not forward the TC-BPDU to other ports.
Make this configuration on the port that connects to the user access network.
To configure TC-BPDU transmission restriction:
Step
1. Enter system view.
2. Enter Layer 2 Ethernet or aggregate interface view.
3. Enable TC-BPDU transmission restriction.
Command Remarks system-view N/A interface interface-type
interface-number
stp tc-restriction
N/A
By default, TC-BPDU transmission restriction is disabled.
98
Enabling TC-BPDU guard
When a device receives topology change (TC) BPDUs (the BPDUs that notify devices of topology changes), it flushes its forwarding address entries. If someone forges TC-BPDUs to attack the device, the device will receive a large number of TC-BPDUs within a short time and be busy with forwarding address entry flushing. This affects network stability.
With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address entry flushes that the device can perform within a specified period of time (10 seconds) after it receives the first TC-BPDU. For TC-BPDUs received in excess of the limit, the device performs a forwarding address entry flush when the time period expires. This prevents frequent flushing of forwarding address entries.
To enable TC-BPDU guard:
1. Enter system view.
2. Enable the TC-BPDU guard function. system-view stp tc-protection
N/A
By default, TC-BPDU guard is enabled.
HP recommends not disabling this feature.
3. (Optional.) Configure the maximum number of forwarding address entry flushes that the device can perform every
10 seconds. stp tc-protection threshold
number
The default setting is 6.
Displaying and maintaining the spanning tree
Execute display commands in any view and reset command in user view.
Task Command
Display information about ports blocked by spanning tree protection functions. display stp abnormal-port
Display BPDU statistics on ports. display stp bpdu-statistics [ interface
interface-type interface-number [ instance
instance-list ] ]
Display information about ports shut down by spanning tree protection functions.
Display the historical information of port role calculation for the specified MSTI or all MSTIs (in standalone mode).
Display the historical information of port role calculation for the specified MSTI or all MSTIs (in IRF mode).
Display the statistics of TC/TCN BPDUs sent and received by all ports in the specified MSTI or all MSTIs (in standalone mode). display stp down-port display stp [ instance instance-list ] history [ slot
slot-number ] display stp [ instance instance-list ] history [ chassis
chassis-number slot slot-number ] display stp [ instance instance-list ] tc [ slot
slot-number ]
99
Task Command
Display the statistics of TC/TCN BPDUs sent and received by all ports in the specified MSTI or all MSTIs (in IRF mode).
Display the spanning tree status and statistics (in standalone mode).
Display the spanning tree status and statistics (in IRF mode). display stp [ instance instance-list ] tc [ chassis
chassis-number slot slot-number ] display stp [ instance instance-list ] [ interface
interface-list | slot slot-number ] [ brief ] display stp [ instance instance-list ] [ interface
interface-list | chassis chassis-number slot
slot-number ] [ brief ]
Display the MST region configuration information that has taken effect.
Display the root bridge information of all MSTIs.
Clear the spanning tree statistics. display stp region-configuration display stp root reset stp [ interface interface-list ]
Spanning tree configuration example
Network requirements
As shown in
Figure 27 , all devices on the network are in the same MST region. Device A and Device B
work at the distribution layer. Device C and Device D work at the access layer.
Configure MSTP so that packets of different VLANs are forwarded along different spanning trees: Packets of VLAN 10 are forwarded along MSTI 1, those of VLAN 30 are forwarded along MSTI 3, those of VLAN
40 are forwarded along MSTI 4, and those of VLAN 20 are forwarded along MSTI 0.
VLAN 10 and VLAN 30 are terminated on the distribution layer devices, and VLAN 40 is terminated on the access layer devices. The root bridges of MSTI 1 and MSTI 3 are Device A and Device B, respectively, and the root bridge of MSTI 4 is Device C.
Figure 27 Network diagram
MST region
Device A Device B
Permit: all VLAN
FGE1/0/3
FG
E1/0
/2
FGE1/0/3
FG
E1
/0/
2
Permit: VLAN 10, 20
FG
E1
/0/
2
FGE1/0/3
Pe rm it:
V
LA
N
10
, 2
0
Per mit:
VL
AN
Permit: VLAN 20, 40
20
, 30
Device C
Permit: VLAN 20, 30
FG
E1/0
/2
FGE1/0/3
Device D
100
Configuration procedure
1. Configure VLANs and VLAN member ports: (Details not shown.)
{
Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B.
{
{
Create VLAN 10, VLAN 20, and VLAN 40 on Device C.
Create VLAN 20, VLAN 30, and VLAN 40 on Device D.
{
Configure the ports on these devices as trunk ports and assign them to related VLANs.
2. Configure Device A:
# Enter MST region view, and configure the MST region name as example.
<DeviceA> system-view
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name example
# Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively.
[DeviceA-mst-region] instance 1 vlan 10
[DeviceA-mst-region] instance 3 vlan 30
[DeviceA-mst-region] instance 4 vlan 40
# Configure the revision level of the MST region as 0.
[DeviceA-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
# Specify the current device as the root bridge of MSTI 1.
[DeviceA] stp instance 1 root primary
# Enable the spanning tree feature globally.
[DeviceA] stp global enable
3. Configure Device B:
# Enter MST region view, and configure the MST region name as example.
<DeviceB> system-view
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name example
# Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively.
[DeviceB-mst-region] instance 1 vlan 10
[DeviceB-mst-region] instance 3 vlan 30
[DeviceB-mst-region] instance 4 vlan 40
# Configure the revision level of the MST region as 0.
[DeviceB-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
# Specify the current device as the root bridge of MSTI 3.
[DeviceB] stp instance 3 root primary
# Enable the spanning tree feature globally.
[DeviceB] stp global enable
4. Configure Device C:
101
# Enter MST region view, and configure the MST region name as example.
<DeviceC> system-view
[DeviceC] stp region-configuration
[DeviceC-mst-region] region-name example
# Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively.
[DeviceC-mst-region] instance 1 vlan 10
[DeviceC-mst-region] instance 3 vlan 30
[DeviceC-mst-region] instance 4 vlan 40
# Configure the revision level of the MST region as 0.
[DeviceC-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceC-mst-region] active region-configuration
[DeviceC-mst-region] quit
# Specify the current device as the root bridge of MSTI 4.
[DeviceC] stp instance 4 root primary
# Enable the spanning tree feature globally.
[DeviceC] stp global enable
5. Configure Device D:
# Enter MST region view, and configure the MST region name as example.
<DeviceD> system-view
[DeviceD] stp region-configuration
[DeviceD-mst-region] region-name example
# Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively.
[DeviceD-mst-region] instance 1 vlan 10
[DeviceD-mst-region] instance 3 vlan 30
[DeviceD-mst-region] instance 4 vlan 40
# Configure the revision level of the MST region as 0.
[DeviceD-mst-region] revision-level 0
# Activate MST region configuration.
[DeviceD-mst-region] active region-configuration
[DeviceD-mst-region] quit
# Enable the spanning tree feature globally.
[DeviceD] stp global enable
Verifying the configuration
In this example, suppose that Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0.
You can use the display stp brief command to display brief spanning tree information on each device after the network is stable.
# Display brief spanning tree information on Device A.
[DeviceA] display stp brief
[DeviceA] display stp brief
MSTID Port Role STP State Protection
0 FortyGigE1/0/1 ALTE DISCARDING NONE
102
0 FortyGigE1/0/2 DESI FORWARDING NONE
0 FortyGigE1/0/3 ROOT FORWARDING NONE
1 FortyGigE1/0/1 DESI FORWARDING NONE
1 FortyGigE1/0/3 DESI FORWARDING NONE
3 FortyGigE1/0/2 DESI FORWARDING NONE
3 FortyGigE1/0/3 ROOT FORWARDING NONE
# Display brief spanning tree information on Device B.
[DeviceB] display stp brief
MSTID Port Role STP State Protection
0 FortyGigE1/0/1 DESI FORWARDING NONE
0 FortyGigE1/0/2 DESI FORWARDING NONE
0 FortyGigE1/0/3 DESI FORWARDING NONE
1 FortyGigE1/0/2 DESI FORWARDING NONE
1 FortyGigE1/0/3 ROOT FORWARDING NONE
3 FortyGigE1/0/1 DESI FORWARDING NONE
3 FortyGigE1/0/3 DESI FORWARDING NONE
# Display brief spanning tree information on Device C.
[DeviceC] display stp brief
MSTID Port Role STP State Protection
0 FortyGigE1/0/1 DESI FORWARDING NONE
0 FortyGigE1/0/2 ROOT FORWARDING NONE
0 FortyGigE1/0/3 DESI FORWARDING NONE
1 FortyGigE1/0/1 ROOT FORWARDING NONE
1 FortyGigE1/0/2 ALTE DISCARDING NONE
4 FortyGigE1/0/3 DESI FORWARDING NONE
# Display brief spanning tree information on Device D.
[DeviceD] display stp brief
MSTID Port Role STP State Protection
0 FortyGigE1/0/1 ROOT FORWARDING NONE
0 FortyGigE1/0/2 ALTE DISCARDING NONE
0 FortyGigE1/0/3 ALTE DISCARDING NONE
3 FortyGigE1/0/1 ROOT FORWARDING NONE
3 FortyGigE1/0/2 ALTE DISCARDING NONE
4 FortyGigE1/0/3 ROOT FORWARDING NONE
Based on the output, you can draw each MSTI mapped to each VLAN, as shown in
.
103
Figure 28 MSTIs mapped to different VLANs
A B A
C
MSTI 1 mapped to VLAN 10
A B
B
C
MSTI 0 mapped to VLAN 20
D
MSTI 3 mapped to VLAN 30
Root bridge
D
Normal link
C
MSTI 4 mapped to VLAN 40
Blocked link
D
104
Configuring loop detection
Overview
Incorrect network connections or configurations can create Layer 2 loops, which results in repeated transmission of broadcasts, multicasts, or unknown unicasts, waste network resources, and sometimes even paralyze networks. The loop detection mechanism immediately generates a log when a loop occurs so that you are promptly notified to adjust network connections and configurations. You can even configure loop detection to shut down the looped port. Logs are maintained in the information center. For more information, see Network Management and Monitoring Configuration Guide.
Loop detection mechanism
The device detects loops by sending detection frames and then checking whether these frames return to any port on the device. If they do, the device considers that the port is on a looped link.
Figure 29 Ethernet frame header for loop detection
The Ethernet frame header for loop detection contains the following fields:
• DMAC—Destination MAC address of the frame, which is the multicast MAC address
010F-E200-0007. When a loop detection-enabled device receives a frame with this destination
MAC address, it sends the frame to the CPU and floods the frame in the VLAN from which the frame was originally received.
• SMAC—Source MAC address of the frame, which is the bridge MAC address of the sending device.
•
TPID—Type of the VLAN tag, with the value of 0x8100.
•
TCI—Information of the VLAN tag, including the priority and VLAN ID.
• Type—Protocol type, with the value of 0x8918.
Figure 30 Inner frame header for loop detection
The inner frame header for loop detection contains the following fields:
•
Code—Protocol sub-type, which is 0x0001, indicating the loop detection protocol.
105
• Version—Protocol version, which is always 0x0000.
•
Length—Length of the frame. The value includes the inner header, but excludes the Ethernet header.
•
Reserved—This field is reserved.
Frames for loop detection are encapsulated as TLV triplets.
Table 10 TLVs supported by loop detection
TLV
End of PDU
Device ID
Port ID
Port Name
System Name
Chassis ID
Description
End of a PDU.
Bridge MAC address of the sending device.
ID of the PDU sending port.
Name of the PDU sending port.
Device name.
Chassis ID of the sending port.
Slot ID Slot ID of the sending port.
Sub Slot ID Sub-slot ID of the sending port.
Loop detection uses the following important concepts.
Remarks
Optional.
Required.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Loop detection interval
Loop detection is a continuous process as the network changes. Loop detection frames are sent at a specified interval (called a "loop detection interval") to check whether loops occur on ports and whether loops are removed.
Loop protection actions
When the device detects a loop on a port, it generates a log but performs no action on the port by default.
You can configure the device to take one of the following actions:
• Block—Disables the port from learning MAC addresses and blocks inbound traffic to the port.
•
No-learning—Disables the port from learning MAC addresses.
•
Shutdown—Shuts down the port to disable it from receiving and sending any frames.
Port status auto recovery
When the device configured with the block or no-learning loop action detects a loop on a port, it performs the action and waits three loop detection intervals. If the device does not receive a loop detection frame within three loop detection intervals, it performs the following tasks:
• Automatically sets the port to the forwarding state.
•
Notifies the user of the event.
When the device configured with the shutdown action detects a loop on a port, the following events occur:
106
1. The device automatically shuts down the port.
2. The device automatically sets the port to the forwarding state after the detection timer configured by using the shutdown-interval command expires. For more information about the shutdown-interval command, see Fundamentals Command Reference.
3. The device shuts down the port again if a loop is still detected on the port when the detection timer expires.
This process is repeated until the loop is removed.
NOTE:
Incorrect recovery can occur when loop detection frames are discarded to reduce the load. To avoid this, use the shutdown action, or manually remove the loop.
Loop detection configuration task list
Tasks at a glance
(Required.) Enabling loop detection
(Optional.) Configuring the loop protection action
(Optional.) Setting the loop detection interval
Enabling loop detection
You can enable loop detection globally or on specific ports. The global configuration applies to all ports in the specified VLAN. The per-port configuration applies to the individual port only when the port belongs to the specified VLAN. Per-port configurations take precedence over global configurations.
Enabling loop detection globally
Step Command
1. Enter system view. system-view
2. Globally enable loop detection. loopback-detection global enable vlan { vlan-list | all }
Enabling loop detection on a port
Remarks
N/A
Disabled by default.
Step Command
1. Enter system view. system-view
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. interface interface-type
interface-number
3. Enable loop detection on the port. loopback-detection enable vlan
{ vlan-list | all }
107
Remarks
N/A
N/A
Disabled by default.
Configuring the loop protection action
You can configure the loop protection action globally or on specific ports. The global configuration applies to all ports. The per-port configuration applies to the individual ports. The per-port configuration takes precedence over the global configuration.
Configuring the global loop protection action
Step Command
1. Enter system view. system-view
2. Configure the global loop protection action. loopback-detection global action shutdown
Remarks
N/A
By default, the device generates a log but performs no action on the port on which a loop is detected.
Configuring the loop protection action on a Layer 2 Ethernet interface
Step Command
1. Enter system view. system-view
2. Enter Layer 2 Ethernet interface view. interface interface-type
interface-number
3. Configure the loop protection action on the interface.
Remarks
N/A
N/A loopback-detection action { block | no-learning | shutdown }
By default, the device generates a log but performs no action on the port on which a loop is detected.
Configuring the loop protection action on a Layer 2 aggregate interface
Step Command
1. Enter system view. system-view
2. Enter Layer 2 aggregate interface view. interface bridge-aggregation
interface-number
3. Configure the loop protection action on the interface. loopback-detection action shutdown
Remarks
N/A
N/A
By default, the device generates a log but performs no action on the port on which a loop is detected.
108
Setting the loop detection interval
With loop detection enabled, the device sends loop detection frames at a specified interval. A shorter interval offers more sensitive detection but consumes more resources. Consider the system performance and loop detection speed when you set the loop detection interval.
To set the loop detection interval:
Step Command
1. Enter system view. system-view
Remarks
N/A
2. Set the loop detection interval. loopback-detection interval-time
The default setting is 30 seconds.
Displaying and maintaining loop detection
Execute display commands in any view.
Task Command
Display the loop detection configuration and status. display loopback-detection
Loop detection configuration example
Network requirements
As shown in Figure 31 , configure loop detection on Device A, so that Device A generates a log as a
notification and automatically shuts down the port on which a loop is detected.
Figure 31 Network diagram
Device A
Device B
FGE1/0/1 FGE1/0/2
VLAN 100
Device C
109
Configuration procedure
1. Configure Device A:
# Create VLAN 100, and globally enable loop detection for the VLAN.
<DeviceA> system-view
[DeviceA] vlan 100
[DeviceA-vlan100] quit
[DeviceA] loopback-detection global enable vlan 100
# Configure FortyGigE 1/0/1 and FortyGigE 1/0/2 as trunk ports, and assign them to VLAN
100.
[DeviceA] interface fortygige 1/0/1
[DeviceA-FortyGigE1/0/1] port link-type trunk
[DeviceA-FortyGigE1/0/1] port trunk permit vlan 100
[DeviceA-FortyGigE1/0/1] quit
[DeviceA] interface fortygige 1/0/2
[DeviceA-FortyGigE1/0/2] port link-type trunk
[DeviceA-FortyGigE1/0/2] port trunk permit vlan 100
[DeviceA-FortyGigE1/0/2] quit
# Configure the global loop protection action as shutdown.
[DeviceA] loopback-detection global action shutdown
# Set the loop detection interval to 35 seconds.
[DeviceA] loopback-detection interval-time 35
2. Configure Device B:
# Create VLAN 100.
<DeviceB> system-view
[DeviceB] vlan 100
[DeviceB–vlan100] quit
# Configure FortyGigE 1/0/1 and FortyGigE 1/0/2 as trunk ports, and assign them to VLAN
100.
[DeviceB] interface fortygige 1/0/1
[DeviceB-FortyGigE1/0/1] port link-type trunk
[DeviceB-FortyGigE1/0/1] port trunk permit vlan 100
[DeviceB-FortyGigE1/0/1] quit
[DeviceB] interface fortygige 1/0/2
[DeviceB-FortyGigE1/0/2] port link-type trunk
[DeviceB-FortyGigE1/0/2] port trunk permit vlan 100
[DeviceB-FortyGigE1/0/2] quit
3. Configure Device C:
# Create VLAN 100.
<DeviceC> system-view
[DeviceC] vlan 100
[DeviceC–vlan100] quit
# Configure FortyGigE 1/0/1 and FortyGigE 1/0/2 as trunk ports, and assign them to VLAN
100.
[DeviceC] interface fortygige 1/0/1
[DeviceC-FortyGigE1/0/1] port link-type trunk
110
[DeviceC-FortyGigE1/0/1] port trunk permit vlan 100
[DeviceC-FortyGigE1/0/1] quit
[DeviceC] interface fortygige 1/0/2
[DeviceC-FortyGigE1/0/2] port link-type trunk
[DeviceC-FortyGigE1/0/2] port trunk permit vlan 100
[DeviceC-FortyGigE1/0/2] quit
Verifying the configuration
After the configurations are complete, Device A detects loops on ports FortyGigE 1/0/1 and
FortyGigE 1/0/2 within a loop detection interval. Consequently, Device A automatically shuts down the ports and generates the following log messages:
[DeviceA]
%Feb 24 15:04:29:663 2011 DeviceA LPDT/4/LOOPED:Slot=1;
Loopback exists on FortyGigE 1/0/1.
%Feb 24 15:04:29:667 2011 DeviceA LPDT/4/LOOPED:Slot=1;
Loopback exists on FortyGigE 1/0/2.
%Feb 24 15:04:44:243 2011 DeviceA LPDT/4/RECOVERED:Slot=1;
Loopback on FortyGigE 1/0/1 recovered.
%Feb 24 15:04:44:248 2011 DeviceA LPDT/4/RECOVERED:Slot=1;
Loopback on FortyGigE 1/0/2 recovered.
Use the display loopback-detection command to display the loop detection configuration and status on Device A.
# Display the loop detection configuration and status on Device A.
[DeviceA] display loopback-detection
Loop detection is enabled.
Loop detection interval is 35 second(s).
No loopback is detected.
The output shows that the device has removed the loops from FortyGigE 1/0/1 and FortyGigE
1/0/2 according to the shutdown action. Use the display interface command to display the status of FortyGigE 1/0/1 and FortyGigE 1/0/2 on Device A.
# Display the status of FortyGigE 1/0/1 on Device A.
[DeviceA] display interface fortygige 1/0/1
FortyGigE 1/0/1 current state: DOWN (Loop detection down)
...
# Display the status of FortyGigE 1/0/2 on Device A.
[DeviceA] display interface fortygige 1/0/2
FortyGigE 1/0/2 current state: DOWN (Loop detection down)
...
The output shows that FortyGigE 1/0/1 and FortyGigE 1/0/2 are already shut down by the loop detection module.
111
Configuring VLANs
This chapter provides an overview of VLANs and explains how to configure them.
Overview
Ethernet is a family of shared-media LAN technologies based on the CSMA/CD mechanism. An Ethernet
LAN is both a collision domain and a broadcast domain. Because the medium is shared, collisions and broadcasts are common in an Ethernet LAN. Typically, bridges and Layer 2 switches can reduce collisions in an Ethernet LAN. To confine broadcasts, a Layer 2 switch must use the Virtual Local Area
Network (VLAN) technology.
VLANs enable a Layer 2 switch to break a LAN down into smaller broadcast domains, as shown
Figure 32 A VLAN diagram
VLAN 2
Switch A Switch B
Router
VLAN 5
A VLAN is logically divided on an organizational basis rather than on a physical basis. For example, you can assign all workstations and servers used by a particular workgroup to the same VLAN, regardless of their physical locations. Hosts in the same VLAN can directly communicate with one another. You need a router or a Layer 3 switch for hosts in different VLANs to communicate with one another.
All these VLAN features reduce bandwidth waste, improve LAN security, and enable flexible virtual group creation.
VLAN frame encapsulation
To identify Ethernet frames from different VLANs, IEEE 802.1Q inserts a four-byte VLAN tag between the destination and source MAC address (DA & SA) field and the upper layer protocol type (Type) field, as shown in
112
Figure 33 VLAN tag placement and format
A VLAN tag includes the following fields:
•
TPID—16-bit tag protocol identifier that indicates whether a frame is VLAN-tagged. By default, the
TPID value is 0x8100, indicating that the frame is VLAN-tagged. However, device vendors can set
TPID to different values. For compatibility with neighbor devices, configure the TPID value on the device to be the same as the neighbor device.
•
Priority—3-bit long 802.1p priority of the frame. For more information, see ACL and QoS
Configuration Guide.
• CFI—1-bit long canonical format indicator that indicates whether the MAC addresses are encapsulated in the standard format when packets are transmitted across different media. Value 0
(the default) indicates that the MAC addresses are encapsulated in the standard format. Value 1 indicates that MAC addresses are encapsulated in a non-standard format. The CFI is 0 in Ethernet.
•
VLAN ID—12-bit long, identifies the VLAN that the frame belongs to. The VLAN ID range is 0 to
4095. VLAN IDs 0 and 4095 are reserved, and VLAN IDs 1 to 4094 are user configurable.
A network device handles an incoming frame depending on whether the frame is VLAN tagged and the value of the VLAN tag, if any. For more information, see "
Introduction to port-based VLAN ."
Ethernet supports encapsulation formats Ethernet II, 802.3/802.2 LLC, 802.3/802.2 SNAP, and 802.3 raw. The Ethernet II encapsulation format is used here. For how the VLAN tag fields are added to frames encapsulated in the other formats for VLAN identification, see related protocols and standards.
For a frame with multiple VLAN tags, the device handles it according to its outer-most VLAN tag and transmits its inner VLAN tags as payload.
Protocols and standards
IEEE 802.1Q, IEEE Standard for Local and Metropolitan Area Networks: Virtual Bridged Local Area
Networks
Configuring basic VLAN settings
Step Command
1. Enter system view. system-view
2. (Optional.) Create a
VLAN and enter its view, or create a list of VLANs. vlan { vlan-id1 [ to vlan-id2 ] | all }
3. Enter VLAN view.
4. Configure a name for the VLAN. vlan vlan-id name text
Remarks
N/A
By default, only the system default VLAN
(VLAN 1) exists.
To configure a specific VLAN after you create a list of VLANs, you must perform this step.
By default, VLAN names are in the format
VLAN vlan-id. For example, the name of
VLAN 100 is VLAN 0100 by default.
113
Step Command
5. Configure the description of the VLAN. description text
Remarks
The default setting is VLAN vlan-id, which is the ID of the VLAN. For example, the description of VLAN 100 is VLAN 0100 by default.
NOTE:
• As the system default VLAN, VLAN 1 cannot be created or removed.
•
You cannot use the undo vlan command to delete a dynamic VLAN, a VLAN with a QoS policy applied, or a VLAN locked by an application. To delete such a VLAN, first remove the configuration from the VLAN.
Configuring basic settings of a VLAN interface
For hosts of different VLANs to communicate at Layer 3, you can use VLAN interfaces. VLAN interfaces are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as physical entities on devices. For each VLAN, you can create one VLAN interface. You can assign the
VLAN interface an IP address and specify it as the gateway of the VLAN to forward packets destined for an IP subnet different from that of the VLAN.
When you configure a VLAN interface, follow these guidelines:
•
Before you create a VLAN interface for a VLAN, create the VLAN first.
• You cannot create a VLAN interface for a sub VLAN.
To configure basic settings of a VLAN interface:
Step Command
1. Enter system view. system-view
2. Create a VLAN interface and enter VLAN interface view. interface vlan-interface
vlan-interface-id
3. Assign an IP address to the
VLAN interface.
4. Configure the description of the VLAN interface. ip address ip-address { mask |
mask-length } [ sub ] description text
Remarks
N/A
If the VLAN interface already exists, you enter its view directly.
By default, no VLAN interface is created.
By default, no IP address is assigned to any VLAN interface.
The default setting is the VLAN interface name. For example, Vlan-interface1
Interface.
5. (Optional.) Specify a line processing unit (LPU) for forwarding the traffic on the current VLAN interface
(in standalone mode).
6. (Optional.) Specify an LPU for forwarding the traffic on the current VLAN interface
(in IRF mode). service slot slot-number service chassis chassis-number slot slot-number
By default, no LPU is specified.
By default, no IRF member device or LPU is specified.
114
Step Command
7. Configure the expected bandwidth of the interface. bandwidth bandwidth-value
8. (Optional.) Restore the default settings for the
VLAN interface. default
Remarks
By default, the expected bandwidth (in kbps) is the interface baud rate divided by 1000.
N/A
9. (Optional.) Cancel the action of manually shutting down the VLAN interface. undo shutdown
By default, a VLAN interface is not manually shut down. The VLAN interface is up if one or more ports in the VLAN is up, and goes down if all ports in the
VLAN go down.
Reserving VLAN interface resources
The system provides 4094 Layer 3 interface hardware resources for Layer 3 interfaces and subinterfaces.
By default, these Layer 3 interface resources are assigned to 4094 VLAN interfaces.
Use this feature to reserve VLAN interface resources for the following types of Layer 3 interfaces and subinterfaces before you create them:
• Layer 3 Ethernet interfaces switched from Layer 2 Ethernet interfaces.
• Layer 3 Ethernet subinterfaces.
•
Layer 3 aggregate interfaces.
•
Layer 3 aggregate subinterfaces.
VLAN interfaces cannot be created if their interface resources have been reserved.
Each of the Layer 3 interfaces and subinterfaces use one VLAN interface resource. When you reserve
VLAN interface resources for interfaces that have subinterfaces, take the number of the subinterfaces into account. For example:
• Reserve two VLAN interface resources when you create a Layer 3 Ethernet subinterface. The main interface and subinterface each use one VLAN interface resource.
•
Reserve seven VLAN interface resources when you create four Layer 3 aggregate subinterfaces on an aggregate interface whose corresponding aggregation group has two member ports. The aggregate interface uses one VLAN interface. Each of the member ports and aggregate subinterfaces uses one VLAN interface resource.
Configuration restrictions and guidelines
When you configure VLAN interface resource reservation, follow these restrictions and guidelines:
•
To simplify management and configuration, HP recommends that you reserve VLAN interface resources as follows:
{
{
Bulk reserve resources of VLAN interfaces that are numbered in consecutive order.
Reserve resources of VLAN interfaces whose VLAN IDs are in the range of 3000 to 3500 preferentially.
•
Select the VLAN interfaces of unused VLANs rather than used VLANs for resource reservation. If the
VLAN interface resource of a VLAN is reserved, HP recommends not creating or using this VLAN.
115
• The VLAN interface resource reservation of a VLAN conflicts with the VLAN interface creation of this VLAN.
•
Before creating a Layer 3 Ethernet subinterface or aggregate subinterface, do not reserve a resource for the VLAN interface whose interface number matches the subinterface number. After you reserve a VLAN interface resource, do not create a Layer 3 Ethernet subinterface or aggregate subinterface whose subinterface number is the VLAN interface number. A Layer 3 Ethernet subinterface or aggregate subinterface uses the VLAN interface resource in processing tagged packets whose VLAN ID matches the subinterface number.
•
If a reserved VLAN interface resource has been used by a Layer 3 interface or subinterface, you cannot remove the resource reservation of this VLAN interface.
•
After the software upgrades to support this feature, examine whether Layer 3 interfaces and subinterfaces exist when you create Layer 3 interfaces and subinterfaces for the first time.
{
If Layer 3 interfaces and subinterfaces exist, reserve VLAN interface resources for both the existing and new Layer 3 interfaces and subinterfaces.
{
If no Layer 3 interfaces or subinterfaces exist, reserve VLAN interface resources only for new
Layer 3 interfaces and subinterfaces.
Configuration procedure
To reserve VLAN interface resources:
Step Command
1. Enter system view. system-view
2. Reserve VLAN interface resources.
3. Display VLANs whose
VLAN interface resources have been reserved. reserve-vlan-interface { vlan-interface-id1
[ to vlan-interface-id2 ] } display reserve-vlan-interface
Configuring port-based VLANs
Remarks
N/A
By default, no VLAN interface resources are reserved.
N/A
Introduction to port-based VLAN
Port-based VLANs group VLAN members by port. A port forwards packets from a VLAN only after it is assigned to the VLAN.
Port link type
You can configure the link type of a port as access, trunk, or hybrid. The link types use the following
VLAN tag handling methods:
• Access—An access port can forward packets from only one specific VLAN and send these packets untagged. An access port can connect a terminal device that does not support VLAN packets or is used in scenarios that do not distinguish VLANs.
116
• Trunk—A trunk port can forward packets from multiple VLANs. Except packets from the port VLAN
ID (PVID), packets sent out of a trunk port are VLAN-tagged. Ports connecting network devices are typically configured as trunk ports.
• Hybrid—A hybrid port can forward packets from multiple VLANs. A hybrid port allows traffic from some VLANs to pass through untagged and traffic from other VLANs to pass through tagged. A hybrid port can connect a network device or terminal device.
PVID
The PVID identifies the default VLAN of a port.
When you configure the PVID on a port, follow these restrictions and guidelines:
•
An access port can join only one VLAN. The VLAN to which the access port belongs is the PVID of the port.
• A trunk or hybrid port can carry multiple VLANs, and you can configure a PVID for the port.
•
You can use a nonexistent VLAN as the PVID for a hybrid or trunk port, but not for an access port.
After you remove the VLAN that an access port resides in with the undo vlan command, the PVID of the port changes to VLAN 1. However, the removal of the VLAN specified as the PVID of a trunk or hybrid port does not affect the PVID setting on the port.
•
HP recommends that you set the same PVID for local and remote ports.
•
Make sure a port is assigned to its PVID. Otherwise, when the port receives frames tagged with the
PVID or untagged frames, the port filters out these frames.
How ports of different link types handle frames
Actions Access
In the inbound direction for an untagged frame
Tags the frame with the
PVID tag.
In the inbound direction for a tagged frame
•
Receives the frame if its VLAN ID is the same as the PVID.
•
Drops the frame if its
VLAN ID is different from the PVID.
Trunk Hybrid
•
If the PVID is permitted on the port, tags the frame with the PVID tag.
•
If not, drops the frame.
•
Receives the frame if its VLAN is permitted on the port.
•
Drops the frame if its VLAN is not permitted on the port.
In the outbound direction
Removes the VLAN tag and sends the frame.
•
Removes the tag and sends the frame if the frame carries the PVID tag and the port belongs to the PVID.
•
Sends the frame without removing the tag if its VLAN is carried on the port but is different from the PVID.
Sends the frame if its VLAN is permitted on the port. The tagging status of the frame depends on the port hybrid vlan command configuration.
Assigning an access port to a VLAN
You can assign an access port to a VLAN in VLAN view or interface view.
Make sure the VLAN has been created.
117
Assigning one or multiple access ports to a VLAN in VLAN view
Step Command
1. Enter system view. system-view
2. Enter VLAN view.
Remarks
N/A vlan vlan-id N/A
3. Assign one or a group of access ports to the VLAN. port interface-list
By default, all ports belong to
VLAN 1.
Assigning an access port to a VLAN in interface view
Step Command
1. Enter system view. system-view
2. Enter interface view.
•
Enter Layer 2 Ethernet interface view: interface interface-type
interface-number
•
Enter Layer 2 aggregate interface view: interface bridge-aggregation
interface-number
3. Configure the link type of the port as access.
4. (Optional.) Assign the access port to a VLAN. port link-type access port access vlan vlan-id
Remarks
N/A
•
The configuration made in Layer 2
Ethernet interface view applies only to the port.
•
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports. If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port. If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.
By default, all ports are access ports.
By default, all access ports belong to
VLAN 1.
Assigning a trunk port to a VLAN
A trunk port can carry multiple VLANs. You can assign it to a VLAN in interface view.
When you assign a trunk port to a VLAN, follow these guidelines:
• To change the link type of a port from trunk to hybrid or vice versa, set the link type to access first.
•
You must configure the trunk port to allow packets from the PVID to pass through by using the port trunk permit vlan command.
To assign a trunk port to one or multiple VLANs:
Step Command
1. Enter system view. system-view
Remarks
N/A
118
Step Command
2. Enter interface view.
3. Configure the link type of the port as trunk.
4. Assign the trunk port to the specified VLANs.
5. (Optional.) Configure the
PVID of the trunk port.
•
Enter Layer 2 Ethernet interface view: interface interface-type
interface-number
•
Enter Layer 2 aggregate interface view: interface bridge-aggregation
interface-number port link-type trunk port trunk permit vlan { vlan-id-list
| all } port trunk pvid vlan vlan-id
Remarks
•
The configuration made in
Layer 2 Ethernet interface view applies only to the port.
•
The configuration made in
Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports. If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port. If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.
By default, all ports are access ports.
By default, a trunk port only permits
VLAN 1.
The default setting is VLAN 1.
Assigning a hybrid port to a VLAN
A hybrid port can carry multiple VLANs. You can assign it to the specified VLANs in interface view. Make sure the VLANs have been created.
When you assign a hybrid port to a VLAN, follow these guidelines:
•
To change the link type of a port from trunk to hybrid or vice versa, set the link type to access first.
• You must configure the hybrid port to allow packets from the PVID to pass through by using the port hybrid vlan command.
To assign a hybrid port to one or multiple VLANs:
Step Command
1. Enter system view. system-view
Remarks
N/A
119
Step Command
2. Enter interface view.
3. Configure the link type of the port as hybrid.
4. Assign the hybrid port to the specified VLANs.
5. (Optional.) Configure the
PVID of the hybrid port.
•
Enter Layer 2 Ethernet interface view: interface interface-type
interface-number
•
Enter Layer 2 aggregate interface view: interface bridge-aggregation
interface-number port link-type hybrid port hybrid vlan vlan-id-list
{ tagged | untagged } port hybrid pvid vlan vlan-id
Remarks
•
The configuration made in
Layer 2 Ethernet interface view applies only to the port.
•
The configuration made in
Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports. If the system fails to apply the configuration to an aggregation member port, it skips the port and moves to the next member port. If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.
By default, all ports are access ports.
By default, a hybrid port is an untagged member of the VLAN to which the port was assigned as an access port.
By default, the PVID of a hybrid port is the ID of the VLAN to which the port was assigned as an access port.
Displaying and maintaining VLANs
Execute display commands in any view.
Task Command
Display VLAN information. display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ]
Display VLAN interface information. display interface vlan-interface [ vlan-interface-id ] [ brief
[ description ] ]
Display hybrid ports or trunk ports on the device.
Display VLANs whose VLAN interface resources have been reserved. display port { hybrid | trunk } display reserve-vlan-interface
120
Port-based VLAN configuration example
Network requirements
As shown in
:
•
Host A and Host C belong to Department A. VLAN 100 is assigned to Department A.
•
Host B and Host D belong to Department B. VLAN 200 is assigned to Department B.
Configure port-based VLANs so that hosts only in the same department can communicate with each other.
Figure 34 Network diagram
Configuration procedure
1. Configure Device A:
# Create VLAN 100, and assign FortyGigE 1/0/1 to VLAN 100.
<DeviceA> system-view
[DeviceA] vlan 100
[DeviceA-vlan100] port fortygige 1/0/1
[DeviceA-vlan100] quit
# Create VLAN 200, and assign FortyGigE 1/0/2 to VLAN 200.
[DeviceA] vlan 200
[DeviceA-vlan200] port fortygige 1/0/2
[DeviceA-vlan200] quit
# Configure FortyGigE 1/0/3 as a trunk port, and assign it to VLANs 100 and 200.
[DeviceA] interface fortygige 1/0/3
[DeviceA-FortyGigE1/0/3] port link-type trunk
[DeviceA-FortyGigE1/0/3] port trunk permit vlan 100 200
Please wait... Done.
2. Configure Device B in the same way Device A is configured. (Details not shown.)
3. Configure hosts:
{
Configure Host A and Host C to be on the same IP subnet. For example, 192.168.100.0/24.
{
Configure Host B and Host D to be on the same IP subnet. For example, 192.168.200.0/24.
121
Verifying the configuration
# Verify that Host A and Host C can ping each other, but they both fail to ping Host B. (Details not shown.)
# Verify that Host B and Host D can ping each other, but they both fail to ping Host A. (Details not shown.)
# Verify that VLANs 100 and 200 are correctly configured on devices, for example, on Device A.
[DeviceA-FortyGigE1/0/3] display vlan 100
VLAN ID: 100
VLAN type: Static
Route interface: Not configured
Description: VLAN 0100
Name: VLAN 0100
Tagged ports:
FortyGigE1/0/3
Untagged ports:
FortyGigE1/0/1
[DeviceA-FortyGigE1/0/3] display vlan 200
VLAN ID: 200
VLAN type: Static
Route interface: Not configured
Description: VLAN 0200
Name: VLAN 0200
Tagged ports:
FortyGigE1/0/3
Untagged ports:
FortyGigE1/0/2
122
Configuring LLDP
You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see
"
Configuring Ethernet interfaces ").
Overview
In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration.
The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices. With LLDP, a device sends local device information as TLV (type, length, and value) triplets in LLDP Data Units (LLDPDUs) to the directly connected devices. Local device information includes its system capabilities, management IP address, device ID, port ID, and so on. The device stores the device information in LLDPDUs from the LLDP neighbors in a standard MIB. For more information about MIBs, see Network Management and
Monitoring Configuration Guide. LLDP enables a network management system to quickly detect and identify Layer 2 network topology changes.
Basic concepts
LLDP agent
An LLDP agent is a mapping of an entity where LLDP runs. Multiple LLDP agents can run on the same interface.
LLDP agents include the following types:
• Nearest bridge agent.
•
Nearest customer bridge agent.
•
Nearest non-TPMR bridge agent.
A Two-port MAC Relay (TPMR) is a type of bridge that has only two externally-accessible bridge ports.
It supports a subset of the functions of a MAC bridge. A TPMR is transparent to all frame-based media-independent protocols except for the following:
•
Protocols destined to it.
• Protocols destined to reserved MAC addresses that the relay function of the TPMR is configured not to forward.
LLDP exchanges packets between neighbor agents and creates and maintains neighbor information for them.
shows the neighbor relationships for these LLDP agents. LLDP has two bridge modes: customer bridge (CB) and service bridge (SB).
123
Figure 35 LLDP neighbor relationships
LLDP frame formats
LLDP sends device information in LLDP frames. LLDP frames are encapsulated in Ethernet II or SNAP frames.
•
LLDP frame encapsulated in Ethernet II
Figure 36 Ethernet II-encapsulated LLDP frame
Table 11 Fields in an Ethernet II-encapsulated LLDP frame
Field Description
Destination MAC address
MAC address to which the LLDP frame is advertised. LLDP specifies different multicast MAC addresses as destination MAC addresses for LLDP frames destined for agents of different types. This helps distinguish between LLDP frames sent and received by different agent types on the same interface. The destination MAC address is fixed to one of the following multicast MAC addresses:
•
0x0180-C200-000E for LLDP frames destined for nearest bridge agents.
•
0x0180-C200-0000 for LLDP frames destined for nearest customer bridge agents.
•
0x0180-C200-0003 for LLDP frames destined for nearest non-TPMR bridge agents.
Source MAC address
Type
MAC address of the sending port.
Ethernet type for the upper-layer protocol. This field is 0x88CC for LLDP.
Data LLDPDU.
FCS
Frame check sequence, a 32-bit CRC value used to determine the validity of the received Ethernet frame.
124
• LLDP frame encapsulated in SNAP
Figure 37 SNAP-encapsulated LLDP frame
Table 12 Fields in a SNAP-encapsulated LLDP frame
Field Description
Destination MAC address
MAC address to which the LLDP frame is advertised. It is the same as that for Ethernet II-encapsulated LLDP frames.
Source MAC address MAC address of the sending port.
Type
SNAP type for the upper-layer protocol. This field is
0xAAAA-0300-0000-88CC for LLDP.
Data LLDPDU.
FCS
Frame check sequence, a 32-bit CRC value used to determine the validity of the received Ethernet frame.
LLDPDUs
LLDP uses LLDPDUs to exchange information. An LLDPDU comprises multiple TLV. Each TLV carries a type
of device information, as shown in Figure 38
.
Figure 38 LLDPDU encapsulation format
An LLDPDU can carry up to 32 types of TLVs. Mandatory TLVs include Chassis ID TLV, Port ID TLV, Time to Live TLV, and End of LLDPDU TLV. Other TLVs are optional.
TLVs
A TLV is an information element that contains the type, length, and value fields.
LLDPDU TLVs include the following categories:
•
Basic management TLVs
•
Organizationally (IEEE 802.1 and IEEE 802.3) specific TLVs
• LLDP-MED (media endpoint discovery) TLVs
Basic management TLVs are essential to device management.
125
Organizationally specific TLVs and LLDP-MED TLVs are used for enhanced device management. They are defined by standardization or other organizations and are optional to LLDPDUs.
•
Basic management TLVs
lists the basic management TLV types. Some of them are mandatory to LLDPDUs.
Table 13 Basic management TLVs
Type Description
Chassis ID Specifies the bridge MAC address of the sending device.
Port ID
Specifies the ID of the sending port.
•
If the LLDPDU carries LLDP-MED TLVs, the port ID TLV carries the MAC address of the sending port.
•
Otherwise, the port ID TLV carries the port name.
Time to Live
End of LLDPDU
Specifies the life of the transmitted information on the receiving device.
Marks the end of the TLV sequence in the LLDPDU.
Port Description
System Name
System Description
System Capabilities
Specifies the description of the sending port.
Specifies the assigned name of the sending device.
Specifies the description of the sending device.
Identifies the primary functions of the sending device and the enabled primary functions.
Management Address
Specifies the following elements:
•
The management address of the local device.
•
The interface number and object identifier (OID) associated with the address.
•
IEEE 802.1 organizationally specific TLVs
Table 14 IEEE 802.1 organizationally specific TLVs
Remarks
Mandatory.
Optional.
Type Description
Port VLAN ID Specifies the port's VLAN identifier (PVID).
Port And Protocol VLAN ID
VLAN Name
Protocol Identity
DCBX
EVB module
Link Aggregation
Indicates whether the device supports protocol VLANs and, if so, what
VLAN IDs these protocols will be associated with.
Specifies the textual name of any VLAN to which the port belongs.
Indicates protocols supported on the port.
Data center bridging exchange protocol.
NOTE:
The switch does not support DCBX TLV in the current software version.
Edge Virtual Bridging module, comprising EVB TLV and CDCP TLV.
NOTE:
The switch does not support EVB TLV and CDCP TLV in the current software version.
Indicates whether the port supports link aggregation, and if yes, whether link aggregation is enabled.
126
Type Description
Management VID Management VLAN ID.
VID Usage Digest
ETS Configuration
ETS Recommendation
PFC
VLAN ID usage digest.
Enhanced Transmission Selection configuration.
ETS recommendation.
Priority-based Flow Control.
NOTE:
•
HP devices support only receiving protocol identity TLVs and VID usage digest TLVs.
• Layer 3 Ethernet ports support only link aggregation TLVs.
•
IEEE 802.3 organizationally specific TLVs
Table 15 IEEE 802.3 organizationally specific TLVs
Type Description
MAC/PHY Configuration/Status
Contains the bit-rate and duplex capabilities of the port, support for autonegotiation, enabling status of autonegotiation, and the current rate and duplex mode.
Power Via MDI
Maximum Frame Size
Contains the power supply capability of the port:
•
Port class (PSE or PD).
•
Power supply mode.
•
Whether PSE power supply is supported.
•
Whether PSE power supply is enabled.
•
Whether pair selection can be controllable.
Indicates the supported maximum frame size. It is now the MTU of the port.
Power Stateful Control
Indicates the power state control configured on the sending port, including the following:
•
Power supply mode of the PSE/PD.
•
PSE/PD priority.
•
PSE/PD power.
NOTE:
The Power Stateful Control TLV is defined in IEEE P802.3at D1.0 and is not supported in later versions. HP devices send this type of TLVs only after receiving them.
• LLDP-MED TLVs
LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management. LLDP-MED
TLVs provide a cost-effective and easy-to-use solution for deploying voice devices in Ethernet.
LLDP-MED TLVs are shown in Table 16
.
127
Table 16 LLDP-MED TLVs
Type Description
LLDP-MED Capabilities
Allows a network device to advertise the LLDP-MED TLVs that it supports.
Network Policy
Extended Power-via-MDI
Hardware Revision
Allows a network device or terminal device to advertise the VLAN
ID of a port, the VLAN type, and the Layer 2 and Layer 3 priorities for specific applications.
Allows a network device or terminal device to advertise power supply capability. This TLV is an extension of the Power Via MDI
TLV.
Allows a terminal device to advertise its hardware version.
Firmware Revision
Software Revision
Serial Number
Manufacturer Name
Model Name
Asset ID
Location Identification
Allows a terminal device to advertise its firmware version.
Allows a terminal device to advertise its software version.
Allows a terminal device to advertise its serial number.
Allows a terminal device to advertise its vendor name.
Allows a terminal device to advertise its model name.
Allows a terminal device to advertise its asset ID. The typical case is that the user specifies the asset ID for the endpoint to facilitate directory management and asset tracking.
Allows a network device to advertise the appropriate location identifier information for a terminal device to use in the context of location-based applications.
NOTE:
•
If the MAC/PHY configuration/status TLV is not advertisable, none of the LLDP-MED TLVs will be advertised even if they are advertisable.
•
If the LLDP-MED capabilities TLV is not advertisable, the other LLDP-MED TLVs will not be advertised even if they are advertisable.
Management address
The network management system uses the management address of a device to identify and manage the device for topology maintenance and network management. The management address is encapsulated in the management address TLV.
Work mechanism
LLDP operating modes
An LLDP agent can operate in one of the following modes:
• TxRx mode—An LLDP agent in this mode can send and receive LLDP frames.
•
Tx mode—An LLDP agent in this mode can only send LLDP frames.
•
Rx mode—An LLDP agent in this mode can only receive LLDP frames.
• Disable mode—An LLDP agent in this mode cannot send or receive LLDP frames.
128
Each time the LLDP operating mode of an LLDP agent changes, its LLDP protocol state machine re-initializes. A configurable re-initialization delay prevents frequent initializations because of frequent changes to the operating mode. If you configure the reinitialization delay, an LLDP agent must wait the specified amount of time to initialize LLDP after the LLDP operating mode changes.
Transmitting LLDP frames
An LLDP agent operating in TxRx mode or Tx mode sends LLDP frames to its directly connected devices both periodically and when the local configuration changes. To prevent LLDP frames from overwhelming the network during times of frequent changes to local device information, LLDP uses the token bucket mechanism to rate limit LLDP frames. For more information about the token bucket mechanism, see ACL
and QoS Configuration Guide.
LLDP automatically enables the fast LLDP frame transmission mechanism in either of the following cases:
• A new LLDP frame is received and carries device information new to the local device.
•
The LLDP operating mode of the LLDP agent changes from Disable or Rx to TxRx or Tx.
The fast LLDP frame transmission mechanism successively sends the specified number of LLDP frames at a configurable fast LLDP frame transmission interval. The mechanism helps LLDP neighbors discover the local device as soon as possible. Then, the normal LLDP frame transmission interval resumes.
Receiving LLDP frames
An LLDP agent operating in TxRx mode or Rx mode confirms the validity of TLVs carried in every received
LLDP frame. If the TLVs are valid, the LLDP agent saves the information and starts an aging timer. When the TTL value in the Time To Live TLV carried in the LLDP frame becomes zero, the information ages out immediately.
Protocols and standards
•
IEEE 802.1AB-2005, Station and Media Access Control Connectivity Discovery
•
IEEE 802.1AB-2009, Station and Media Access Control Connectivity Discovery
• ANSI/TIA-1057, Link Layer Discovery Protocol for Media Endpoint Devices
LLDP configuration task list
Tasks at a glance
Performing basic LLDP configuration:
(Optional.) Configuring the LLDP bridge mode
(Optional.) Setting the LLDP operating mode
(Optional.) Setting the LLDP re-initialization delay
(Optional.) Enabling LLDP polling
(Optional.) Configuring the advertisable TLVs
(Optional.) Configuring the management address and its encoding format
(Optional.) Setting other LLDP parameters
(Optional.) Setting an encapsulation format for LLDP frames
(Optional.) Configuring CDP compatibility
129
Tasks at a glance
(Optional.) Configuring LLDP trapping and LLDP-MED trapping
Performing basic LLDP configuration
Enabling LLDP
To make LLDP take effect on specific ports, you must enable LLDP both globally and on these ports.
To enable LLDP:
Step Command Remarks
1. Enter system view. system-view N/A
2. Enable LLDP globally. lldp global enable
By default, LLDP is disabled globally.
3. Enter Layer 2/Layer 3
Ethernet interface view, or
Layer 2/Layer 3 aggregate interface view. interface interface-type interface-number N/A
4. (Optional.) Enable LLDP. lldp enable
By default, LLDP is enabled on a port.
Configuring the LLDP bridge mode
The following LLDP bridge modes are available:
•
Service bridge mode—In service bridge mode, LLDP supports nearest bridge agents and nearest non-TPMR bridge agents. LLDP processes the LLDP frames with destination MAC addresses for these agents and transparently transmits the LLDP frames with other destination MAC addresses in the
VLAN.
•
Customer bridge mode—In customer bridge mode, LLDP supports nearest bridge agents, nearest non-TPMR bridge agents, and nearest customer bridge agents. LLDP processes the LLDP frames with destination MAC addresses for these agents and transparently transmits the LLDP frames with other destination MAC addresses in the VLAN.
To configure the LLDP bridge mode:
1. Enter system view.
2. Configure LLDP to operate in service bridge mode. system-view lldp mode service-bridge
N/A
By default, LLDP operates in customer bridge mode.
130
Setting the LLDP operating mode
Step Command Remarks
1. Enter system view.
2. Enter Layer 2/Layer 3
Ethernet interface view, or
Layer 2/Layer 3 aggregate interface view. system-view interface interface-type interface-number
N/A
N/A
3. Set the LLDP operating mode.
•
In Layer 2/Layer 3 Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] admin-status
{ disable | rx | tx | txrx }
•
In Layer 2/Layer 3 aggregate interface view: lldp agent { nearest-customer | nearest-nontpmr } admin-status { disable
| rx | tx | txrx }
By default:
•
The nearest bridge agent operates in txrx mode.
•
The nearest customer bridge agent and nearest non-TPMR bridge agent operate in disable mode.
In Ethernet interface view, if no agent type is specified, the command configures the operating mode for nearest bridge agents.
In aggregate interface view, you can configure the operating mode for only nearest customer bridge agents and nearest non-TPMR bridge agents.
Setting the LLDP re-initialization delay
When the LLDP operating mode changes on a port, the port initializes the protocol state machines after an LLDP reinitialization delay. By adjusting the delay, you can avoid frequent initializations caused by frequent changes to the LLDP operating mode on a port.
To set the LLDP re-initialization delay for ports:
Step Command
1. Enter system view.
2. Set the LLDP re-initialization delay. system-view lldp timer reinit-delay delay
Remarks
N/A
The default setting is 2 seconds.
Enabling LLDP polling
With LLDP polling enabled, a device periodically searches for local configuration changes. When the device detects a configuration change, it sends LLDPDUs to inform neighboring devices of the change.
To enable LLDP polling:
131
Step Command Remarks
1. Enter system view. system-view N/A
2. Enter Layer 2/Layer 3
Ethernet interface view, or
Layer 2/Layer 3 aggregate interface view. interface interface-type interface-number N/A
3. Enable LLDP polling and set the polling interval.
•
In Layer 2/Layer 3 Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] check-change-interval interval
•
In Layer 2/Layer 3 aggregate interface view: lldp agent { nearest-customer | nearest-nontpmr } check-change-interval interval
Configuring the advertisable TLVs
By default, LLDP polling is disabled.
Step Command Remarks
1. Enter system view. system-view N/A
2. Enter Layer 2/Layer 3
Ethernet interface view, or
Layer 2/Layer 3 aggregate interface view. interface interface-type interface-number N/A
132
Step Command Remarks
3. Configure the advertisable
TLVs (in Layer 2 Ethernet interface view).
• lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv [ ip-address ] }
| dot1-tlv { all | port-vlan-id | link-aggregation | protocol-vlan-id
[ vlan-id ] | vlan-name [ vlan-id ] | management-vid [ mvlan-id ] } | dot3-tlv
{ all | mac-physic | max-frame-size | power } | med-tlv { all | capability | inventory | network-policy | power-over-ethernet | location-id
{ civic-address device-type country-code
{ ca-type ca-value }&<1-10> | elin-address tel-number } } }
• lldp agent nearest-nontpmr tlv-enable
{ basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv
[ ip-address ] } | dot1-tlv { all | port-vlan-id | link-aggregation } }
• lldp agent nearest-customer tlv-enable
{ basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv
[ ip-address ] } | dot1-tlv { all | port-vlan-id | link-aggregation } }
By default:
•
Nearest bridge agents can advertise all LLDP
TLVs except the location identification
TLV, port and protocol
VLAN ID TLVs, VLAN name TLVs, and management VLAN ID
TLVs.
•
Nearest non-TPMR bridge agents advertise no TLVs.
•
Nearest customer bridge agents can advertise basic TLVs and IEEE 802.1 organizationally specific TLVs.
4. Configure the advertisable
TLVs (in Layer 3 Ethernet interface view).
• lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name | management-address-tlv [ ip-address ] }
| dot1-tlv { all | link-aggregation } | dot3-tlv { all | mac-physic | max-frame-size | power } | med-tlv { all
| capability | inventory | power-over-ethernet | location-id
{ civic-address device-type country-code
{ ca-type ca-value }&<1-10> | elin-address tel-number } } }
• lldp agent { nearest-nontpmr | nearest-customer } tlv-enable { basic-tlv
{ all | port-description | system-capability | system-description | system-name | management-address-tlv
[ ip-address ] } | dot1-tlv { all | link-aggregation } }
By default:
•
Nearest bridge agents can advertise all LLDP
TLVs (only link aggregation TLV in
802.1 organizationally specific TLVs) except network policy TLVs.
•
Nearest non-TPMR bridge agents advertise no TLVs.
•
Nearest customer bridge agents can advertise basic TLVs and IEEE 802.1 organizationally specific TLVs (only link aggregation TLV).
133
Step Command Remarks
5. Configure the advertisable
TLVs (in Layer 2 aggregate interface view).
6. Configure the advertisable
TLVs (in Layer 3 aggregate interface view).
• lldp agent nearest-nontpmr tlv-enable
{ basic-tlv { all | management-address-tlv
[ ip-address ] | port-description | system-capability | system-description | system-name } | dot1-tlv { all | port-vlan-id } }
• lldp agent nearest-customer tlv-enable
{ basic-tlv { all | management-address-tlv
[ ip-address ] | port-description | system-capability | system-description | system-name } | dot1-tlv { all | port-vlan-id } }
• lldp tlv-enable dot1-tlv { protocol-vlan-id
[ vlan-id ] | vlan-name [ vlan-id ] | management-vid [ mvlan-id ] } lldp agent { nearest-customer | nearest-nontpmr } tlv-enable basic-tlv { all | management-address-tlv [ ip-address ] | port-description | system-capability | system-description | system-name }
By default:
•
Nearest non-TPMR bridge agents advertise no TLVs.
•
Nearest customer bridge agents can advertise basic TLVs and IEEE 802.1 organizationally specific TLVs (only port and protocol VLAN ID
TLV, VLAN name TLV, and management
VLAN ID TLV).
•
Nearest bridge agents are not supported on
Layer 2 aggregate interfaces.
By default:
•
Nearest non-TPMR bridge agents advertise no TLVs.
•
Nearest customer bridge agents can advertise only basic
TLVs.
•
Nearest bridge agents are not supported on
Layer 3 aggregate interfaces.
Configuring the management address and its encoding format
LLDP encodes management addresses in numeric or string format in management address TLVs.
By default, management addresses are encoded in numeric format. If a neighbor encodes its management address in string format, configure the encoding format of the management address as string on the connecting port. This guarantees normal communication with the neighbor.
To configure a management address to be advertised and its encoding format on a port:
1. Enter system view.
2. Enter Layer 2/Layer 3 Ethernet interface view, or Layer
2/Layer 3 aggregate interface view. system-view interface interface-type
interface-number
N/A
N/A
134
3. Allow LLDP to advertise the management address in LLDP frames and configure the advertised management address.
4. Configure the encoding format of the management address as string.
•
In Layer 2/Layer 3 Ethernet interface view: lldp [ agent { nearest-customer
| nearest-nontpmr } ] tlv-enable basic-tlv management-address-tlv
[ ip-address ]
•
In Layer 2/Layer 3 aggregate interface view: lldp agent { nearest-customer
| nearest-nontpmr } tlv-enable basic-tlv management-address-tlv
[ ip-address ]
•
In Layer 2/Layer 3 Ethernet interface view: lldp [ agent { nearest-customer
| nearest-nontpmr } ] management-address-format string
•
In Layer 2/Layer 3 aggregate interface view: lldp agent { nearest-customer
| nearest-nontpmr } management-address-format string
By default:
•
Nearest bridge agents and nearest customer bridge agents can advertise the management address in LLDP frames.
•
Nearest non-TPMR bridge agents cannot advertise the management address in LLDP frames.
By default, the encoding format of the management address is numeric.
Setting other LLDP parameters
The Time to Live TLV carried in an LLDPDU determines how long the device information carried in the
LLDPDU can be saved on a recipient device.
By setting the TTL multiplier, you can configure the TTL of locally sent LLDPDUs, which determines how long information about the local device can be saved on a neighboring device. The TTL is expressed by using the following formula:
TTL = Min (65535, (TTL multiplier × LLDP frame transmission interval))
As the expression shows, the TTL can be up to 65535 seconds. TTLs greater than 65535 will be rounded down to 65535 seconds.
To change LLDP parameters:
Step Command
1. Enter system view. system-view
2. Set the TTL multiplier. lldp hold-multiplier value
3. Set the LLDP frame transmission interval.
4. Set the token bucket size for sending LLDP frames. lldp timer tx-interval interval lldp max-credit credit-value
Remarks
N/A
The default setting is 4.
The default setting is 30 seconds.
The default setting is 5.
135
Step Command
5. Set the LLDP frame transmission delay. lldp timer tx-delay delay
6. Set the number of LLDP frames sent each time fast LLDP frame transmission is triggered.
7. Set an interval for fast LLDP frame transmission. lldp fast-count count lldp timer fast-interval interval
Remarks
The default setting is 2 seconds.
The default setting is 4.
The default setting is 1 second.
Setting an encapsulation format for LLDP frames
LLDP frames can be encapsulated in the following formats:
• Ethernet II—With Ethernet II encapsulation configured, an LLDP port sends LLDP frames in Ethernet
II frames.
•
SNAP—With SNAP encapsulation configured, an LLDP port sends LLDP frames in SNAP frames.
To set the encapsulation format for LLDP frames to SNAP:
Step Command Remarks
1. Enter system view.
2. Enter Layer 2/Layer 3
Ethernet interface view, or
Layer 2/Layer 3 aggregate interface view. system-view interface interface-type interface-number
N/A
N/A
3. Set the encapsulation format for LLDP frames to
SNAP.
•
In Layer 2/Layer 3 Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] encapsulation snap
•
In Layer 2/Layer 3 aggregate interface view: lldp agent { nearest-customer | nearest-nontpmr } encapsulation snap
By default, Ethernet II encapsulation format applies.
NOTE:
LLDP of earlier versions requires the same encapsulation format on both ends to process LLDP frames. For this reason, to communicate stably with a neighboring device running LLDP of earlier versions, the local device should be configured with the same encapsulation format.
Configuring CDP compatibility
When the switch is directly connected to a Cisco device that supports only CDP rather than LLDP, you can enable CDP compatibility to enable the switch to exchange information with the directly-connected device.
With CDP compatibility enabled on the switch, the switch can use LLDP to perform the following tasks:
•
Receive and recognize the CDP packets received from the directly-connected device.
• Send CDP packets to the directly-connected device.
136
The packets that the switch sends to the neighboring CDP device carry the device ID, the ID of the port connecting to the neighboring device, the port IP address, the PVID, and the TTL. The port IP address is the main IP address of the VLAN interface in up state. The VLAN interface must have the lowest VLAN ID among all VLANs permitted on the port. If none of the VLAN interfaces of the permitted VLANs is assigned an IP address or all VLAN interfaces are down, no port IP address will be advertised.
The CDP neighbor-information-related fields in the output of the display lldp neighbor-information command show the CDP neighboring device information that can be recognized by the switch. For more information about the display lldp neighbor-information command, see Layer 2—LAN Switching
Command Reference.
Configuration prerequisites
Before you configure CDP compatibility, complete the following tasks:
•
Globally enable LLDP.
•
Enable LLDP on the port connecting to a device supporting CDP.
•
Configure the port to operate in TxRx mode.
Configuration procedure
CDP-compatible LLDP operates in one of the following modes:
•
TxRx—CDP packets can be transmitted and received.
• Disable—CDP packets cannot be transmitted or received.
To make CDP-compatible LLDP take effect on specific ports, follow these steps:
1. Enable CDP-compatible LLDP globally.
2. Configure CDP-compatible LLDP to operate in TxRx mode on the port.
The maximum TTL value that CDP allows is 255 seconds. To make CDP-compatible LLDP work correctly with Cisco IP phones, configure the LLDP frame transmission interval to be no more than 1/3 of the TTL value.
To enable LLDP to be compatible with CDP:
1. Enter system view.
2. Enable CDP compatibility globally.
3. Enter Layer 2 or Layer 3
Ethernet interface view.
4. Configure CDP-compatible
LLDP to operate in TxRx mode. system-view lldp compliance cdp interface interface-type
interface-number lldp compliance admin-status cdp txrx
N/A
By default, CDP compatibility is disabled globally.
N/A
By default, CDP-compatible LLDP operates in disable mode.
Configuring LLDP trapping and LLDP-MED trapping
LLDP trapping or LLDP-MED trapping notifies the network management system of events such as newly detected neighboring devices and link failures.
137
To prevent excessive LLDP traps from being sent when the topology is unstable, set a trap transmission interval for LLDP.
To configure LLDP trapping and LLDP-MED trapping:
Step Command Remarks
1. Enter system view.
2. Enter Layer 2/Layer 3
Ethernet interface view, or
Layer 2/Layer 3 aggregate interface view. system-view interface interface-type interface-number
N/A
N/A
3. Enable LLDP trapping.
•
In Layer 2/Layer 3 Ethernet interface view: lldp [ agent { nearest-customer | nearest-nontpmr } ] notification remote-change enable
•
In Layer 2/Layer 3 aggregate interface view: lldp agent { nearest-customer | nearest-nontpmr } notification remote-change enable
By default, LLDP trapping is disabled.
4. Enable LLDP-MED trapping
(in Layer 2 or Layer 3
Ethernet interface view).
5. Return to system view. lldp notification med-topology-change enable quit
By default, LLDP-MED trapping is disabled.
N/A
6. (Optional.) Set the LLDP trap transmission interval. lldp timer notification-interval interval
The default setting is 30 seconds.
Displaying and maintaining LLDP
Execute display commands in any view.
Task Command
Display local LLDP information. display lldp local-information [ global | interface interface-type
interface-number ]
Display the information contained in the LLDP TLVs sent from neighboring devices. display lldp neighbor-information [ [ [ interface interface-type
interface-number ] [ agent { nearest-bridge | nearest-customer | nearest-nontpmr } ] [ verbose ] ] | list [ system-name system-name ] ]
Display LLDP statistics.
Display LLDP status of a port. display lldp statistics [ global | [ interface interface-type
interface-number ] [ agent { nearest-bridge | nearest-customer | nearest-nontpmr } ] ] display lldp status [ interface interface-type interface-number ] [ agent
{ nearest-bridge | nearest-customer | nearest-nontpmr } ]
138
Task Command
Display types of advertisable optional LLDP TLVs. display lldp tlv-config [ interface interface-type interface-number ]
[ agent { nearest-bridge | nearest-customer | nearest-nontpmr } ]
LLDP configuration example
Network requirements
As shown in
Figure 39 , the NMS and Switch A are located in the same Ethernet network. An MED device
and Switch B are connected to FortyGigE1/0/1 and FortyGigE1/0/2 of Switch A.
Enable LLDP globally on Switch A and Switch B to perform the following tasks:
•
Monitor the link between Switch A and Switch B on the NMS.
• Monitor the link between Switch A and the MED device on the NMS.
Figure 39 Network diagram
MED
NMS
FGE1/0/1
FGE1/0/2
FGE1/0/1
Switch A
Configuration procedure
Switch B
1. Configure Switch A:
# Enable LLDP globally.
<SwitchA> system-view
[SwitchA] lldp global enable
# Enable LLDP on FortyGigE1/0/1. By default, LLDP is enabled on ports.
[SwitchA] interface fortygige 1/0/1
[SwitchA-FortyGigE1/0/1] lldp enable
# Set the LLDP operating mode to Rx on FortyGigE1/0/1.
[SwitchA-FortyGigE1/0/1] lldp admin-status rx
[SwitchA-FortyGigE1/0/1] quit
# Enable LLDP on FortyGigE1/0/2. By default, LLDP is enabled on ports.
[SwitchA] interface fortygige 1/0/2
[SwitchA-FortyGigE1/0/2] lldp enable
# Set the LLDP operating mode to Rx on FortyGigE1/0/2.
[SwitchA-FortyGigE1/0/2] lldp admin-status rx
139
[SwitchA-FortyGigE1/0/2] quit
2. Configure Switch B:
# Enable LLDP globally.
<SwitchB> system-view
[SwitchB] lldp global enable
# Enable LLDP on FortyGigE1/0/1. By default, LLDP is enabled on ports.
[SwitchB] interface fortygige 1/0/1
[SwitchB-FortyGigE1/0/1] lldp enable
# Set the LLDP operating mode to Tx on FortyGigE1/0/1.
[SwitchB-FortyGigE1/0/1] lldp admin-status tx
[SwitchB-FortyGigE1/0/1] quit
Verifying the configuration
# Verify that:
• FortyGigE1/0/1 of Switch A connects to an MED device.
• FortyGigE1/0/2 of Switch A connects to a non-MED device.
•
Both ports operate in Rx mode, and they can receive LLDP frames but cannot send LLDP frames.
[SwitchA] display lldp status
Global status of LLDP: Enable
Bridge mode of LLDP: customer-bridge
The current number of LLDP neighbors: 2
The current number of CDP neighbors: 0
LLDP neighbor information last changed time: 0 days, 0 hours, 4 minutes, 40 seconds
Transmit interval : 30s
Fast transmit interval : 1s
Transmit credit max : 5
Hold multiplier : 4
Reinit delay : 2s
Trap interval : 30s
Fast start times : 4
LLDP status information of port 1 [FortyGigE1/0/1]:
LLDP agent nearest-bridge:
Port status of LLDP : Enable
Admin status : RX_Only
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 1
Number of MED neighbors : 1
Number of CDP neighbors : 0
Number of sent optional TLV : 21
Number of received unknown TLV : 0
LLDP agent nearest-customer:
Port status of LLDP : Enable
140
Admin status : Disable
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 0
Number of MED neighbors : 0
Number of CDP neighbors : 0
Number of sent optional TLV : 16
Number of received unknown TLV : 0
LLDP status information of port 2 [FortyGigE1/0/2]:
LLDP agent nearest-bridge:
Port status of LLDP : Enable
Admin status : RX_Only
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 1
Number of MED neighbors : 0
Number of CDP neighbors : 0
Number of sent optional TLV : 21
Number of received unknown TLV : 3
LLDP agent nearest-nontpmr:
Port status of LLDP : Enable
Admin status : Disable
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 0
Number of MED neighbors : 0
Number of CDP neighbors : 0
Number of sent optional TLV : 1
Number of received unknown TLV : 0
LLDP agent nearest-customer:
Port status of LLDP : Enable
Admin status : Disable
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 0
Number of MED neighbors : 0
Number of CDP neighbors : 0
Number of sent optional TLV : 16
Number of received unknown TLV : 0
# Remove the link between Switch A and Switch B.
# Verify that FortyGigE1/0/2 of Switch A does not connect to any neighboring devices.
141
[SwitchA] display lldp status
Global status of LLDP: Enable
The current number of LLDP neighbors: 1
The current number of CDP neighbors: 0
LLDP neighbor information last changed time: 0 days, 0 hours, 5 minutes, 20 seconds
Transmit interval : 30s
Fast transmit interval : 1s
Transmit credit max : 5
Hold multiplier : 4
Reinit delay : 2s
Trap interval : 30s
Fast start times : 4
LLDP status information of port 1 [FortyGigE1/0/1]:
LLDP agent nearest-bridge:
Port status of LLDP : Enable
Admin status : RX_Only
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 1
Number of MED neighbors : 1
Number of CDP neighbors : 0
Number of sent optional TLV : 0
Number of received unknown TLV : 5
LLDP agent nearest-nontpmr:
Port status of LLDP : Enable
Admin status : Disable
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 0
Number of MED neighbors : 0
Number of CDP neighbors : 0
Number of sent optional TLV : 1
Number of received unknown TLV : 0
LLDP status information of port 2 [FortyGigE1/0/2]:
LLDP agent nearest-bridge:
Port status of LLDP : Enable
Admin status : RX_Only
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 0
Number of MED neighbors : 0
Number of CDP neighbors : 0
142
Number of sent optional TLV : 0
Number of received unknown TLV : 0
LLDP agent nearest-nontpmr:
Port status of LLDP : Enable
Admin status : Disable
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 0
Number of MED neighbors : 0
Number of CDP neighbors : 0
Number of sent optional TLV : 1
Number of received unknown TLV : 0
LLDP agent nearest-customer:
Port status of LLDP : Enable
Admin status : Disable
Trap flag : No
MED trap flag : No
Polling interval : 0s
Number of LLDP neighbors : 0
Number of MED neighbors : 0
Number of CDP neighbors : 0
Number of sent optional TLV : 16
Number of received unknown TLV : 0
143
Support and other resources
Contacting HP
For worldwide technical support information, see the HP support website: http://www.hp.com/support
Before contacting HP, collect the following information:
• Product model names and numbers
•
Technical support registration number (if applicable)
•
Product serial numbers
• Error messages
•
Operating system type and revision level
•
Detailed questions
Subscription service
HP recommends that you register your product at the Subscriber's Choice for Business website: http://www.hp.com/go/wwalerts
After registering, you will receive email notification of product enhancements, new driver versions, firmware updates, and other product resources.
Related information
Documents
To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals
• For related documentation, navigate to the Networking section, and select a networking category.
•
For a complete list of acronyms and their definitions, see HP FlexNetwork Technology Acronyms.
Websites
• HP.com http://www.hp.com
•
HP Networking http://www.hp.com/go/networking
•
HP manuals http://www.hp.com/support/manuals
•
HP download drivers and software http://www.hp.com/support/downloads
• HP software depot http://www.software.hp.com
•
HP Education http://www.hp.com/learn
144
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention Description
Boldface Bold text represents commands and keywords that you enter literally as shown.
Italic
[ ]
{ x | y | ... }
[ x | y | ... ]
{ x | y | ... } *
[ x | y | ... ] *
&<1-n>
Italic text represents arguments that you replace with actual values.
Square brackets enclose syntax choices (keywords or arguments) that are optional.
Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.
Asterisk-marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.
Asterisk-marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none.
The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
A line that starts with a pound (#) sign is comments. #
GUI conventions
Symbols
Convention Description
Boldface
Window names, button names, field names, and menu items are in bold text. For example, the New User window appears; click OK.
> Multi-level menus are separated by angle brackets. For example, File > Create > Folder.
Convention Description
WARNING
An alert that calls attention to important information that if not understood or followed can result in personal injury.
CAUTION
An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.
IMPORTANT
NOTE
An alert that calls attention to essential information.
An alert that contains additional or supplementary information.
TIP
An alert that provides helpful information.
145
Network topology icons
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports
Layer 2 forwarding and other Layer 2 features.
Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch.
Represents an access point.
Represents a mesh access point.
Represents omnidirectional signals.
Represents directional signals.
Represents a security product, such as a firewall, UTM, multiservice security gateway, or load-balancing device.
Port numbering in examples
Represents a security card, such as a firewall, load-balancing, NetStream, SSL VPN, IPS, or ACG card.
The port numbers in this document are for illustration only and might be unavailable on your device.
146
Index
Numerics
802.x
802.1 LLDPDU TLV types,
802.3 LLDPDU TLV types,
A accessing port-based VLAN access port,
port-based VLAN access port (in interface
port-based VLAN access port (in VLAN
action loop detection block,
loop detection no-learning protection,
loop detection shutdown protection,
adding
MAC address table blackhole entry, 21
MAC address table multiport unicast entry, 21
address
MAC address learning disable,
MAC address table address synchronization,
MAC Information queue length,
advertising
aggregating link. See
aging
MAC address table timer,
algorithm
assigning
port to isolation group (multiple), 61
port-based VLAN access port,
port-based VLAN access port (in interface
port-based VLAN access port (in VLAN
port-based VLAN hybrid port,
port-based VLAN trunk port, 118
attribute
Ethernet link aggregation attribute configuration,
auto
Ethernet interface autonegotiation mode,
loop detection port status auto recovery,
B
bandwidth
Ethernet link aggregate interface (expected
basic management LLDPDU TLV types, 125
blackhole entry
MAC address table,
block action (loop detection),
boundary port (MST),
BPDU
STP max age timer,
STP TC-BPDU transmission restriction, 98
transmission rate configuration,
bridge
LLDP agent customer bridge, 123
LLDP agent nearest bridge, 123
LLDP agent non-TPMR bridge,
,
MSTP root bridge configuration, 80
MSTP secondary root bridge configuration,
RSTP root bridge configuration,
RSTP secondary root bridge configuration,
STP designated bridge,
STP root bridge configuration, 80
147
STP secondary root bridge configuration, 80
bulk
interface configuration display, 17
C calculating
MSTP CIST calculation,
STP port path cost calculation standard,
CDP
STP timeout factor,
LLDP CDP compatibility,
checking
STP mCheck (global),
STP mCheck (interface view),
,
choosing
Ethernet link aggregation reference port,
Cisco
LLDP CDP compatibility,
CIST
network device connection,
configuring
Ethernet aggregate interface,
Ethernet aggregate interface (description),
Ethernet interface basic settings, 3
Ethernet interface common settings,
Ethernet interface generic flow control,
Ethernet interface jumbo frame support,
Ethernet interface link mode, 5
Ethernet interface PFC,
Ethernet interface physical state change suppression,
Ethernet link aggregate interface (expected
,
Ethernet link aggregation edge aggregate
148
Ethernet link aggregation group, 40
Ethernet link aggregation group (dynamic), 42
Ethernet link aggregation group (static),
Ethernet link aggregation group load sharing
Ethernet link aggregation load sharing,
Layer 2 Ethernet interface, 10
Layer 2 Ethernet interface storm control,
Layer 2 Ethernet interface storm suppression, 10
Layer 2 Ethernet link aggregation (dynamic), 52
Layer 2 Ethernet link aggregation (static), 50
Layer 2 Ethernet link aggregation group
Layer 2 Ethernet link aggregation group (static), 41
Layer 2 Ethernet link aggregation load sharing,
Layer 3 Ethernet link aggregation (dynamic), 57
Layer 3 Ethernet link aggregation (static), 56
Layer 3 Ethernet link aggregation edge aggregate
Layer 3 Ethernet link aggregation group
Layer 3 Ethernet link aggregation group (static), 42
Layer 3 Ethernet subinterface basic settings,
,
,
LLDP management address,
LLDP management address encoding format, 134
LLDP trapping,
LLDP-MED trapping,
,
loop detection protection action, 108 loop detection protection action (global), 108
loop detection protection action (Layer 2 aggregate
loop detection protection action (Layer 2 Ethernet
MAC address table,
,
MAC address table dynamic aging timer,
MAC change notification interval,
MAC Information,
,
MAC Information mode,
MAC Information queue length,
management Ethernet interface,
MST region,
MSTP,
,
MSTP root bridge,
MSTP root bridge device,
MSTP secondary root bridge, 80
MSTP secondary root bridge device, 81
port isolation (on LAN),
RSTP device priority,
RSTP secondary root bridge, 80
RSTP secondary root bridge device, 81
STP,
STP BPDU transmission rate,
,
,
STP port link type,
STP port mode,
STP port path cost,
,
STP port priority,
STP root bridge,
STP root bridge device,
STP secondary root bridge device, 81
STP switched network diameter,
STP TC-BPDU transmission restriction, 98
STP timeout factor,
VLAN (port-based),
VLAN basic settings,
VLAN interface basic settings, 114
cost
STP port path cost calculation standard, 86
STP port path cost configuration, 85
CST
MST region connection,
customer
LLDP customer bridge mode, 130
D default
Ethernet link aggregate interface default
designated
device
Ethernet interface configuration,
LLDP basic configuration,
MSTP implementation,
MSTP root bridge configuration, 81
MSTP secondary root bridge configuration,
RSTP priority,
RSTP root bridge configuration,
RSTP secondary root bridge configuration,
STP No Agreement Check,
STP protection functions,
STP root bridge configuration, 81
STP secondary root bridge configuration,
STP TC-BPDU transmission restriction, 98
,
disabling
MAC address learning,
discarding
149
MST discarding port state,
displaying bulk interface configuration,
loop detection,
MAC address table,
MSTP,
STP,
dot1d-1998 (STP port path cost calculation), 86
dot1s (STP port mode),
dot1t (STP port path cost calculation),
dynamic
Ethernet link aggregation dynamic mode,
Ethernet link aggregation edge aggregate
Ethernet link aggregation group, 42
Ethernet link aggregation mode,
Layer 2 Ethernet link aggregation, 52
Layer 2 Ethernet link aggregation group
(dynamic),
Layer 3 Ethernet link aggregation, 57
Layer 3 Ethernet link aggregation edge
Layer 3 Ethernet link aggregation group
(dynamic),
MAC address table dynamic aging timer, 24
MAC address table entry,
E edge port
STP,
enabling
LLDP polling,
loop detection,
loop detection (global),
107 loop detection (port-specific), 107
MAC address synchronization, 25
STP port state transition information output, 90
encapsulating
LLDP frame encapsulated in Ethernet II, 124
LLDP frame encapsulated in SNAP format,
LLDP frame encapsulation format,
VLAN frame encapsulation,
Ethernet
interface. See Ethernet interface
link aggregation. See Ethernet link aggregation
LLDP frame encapsulated in Ethernet II, 124
LLDP trapping,
LLDP-MED trapping,
loop detection configuration, 105
MAC address table configuration,
,
MAC Information configuration, 28
port isolation configuration,
port isolation configuration (on LAN), 62
port-based VLAN access port assignment,
port-based VLAN access port assignment (in interface view),
port-based VLAN access port assignment (in VLAN view),
port-based VLAN hybrid port assignment,
port-based VLAN trunk port assignment, 118
reserving VLAN interface resource,
VLAN configuration,
VLAN frame encapsulation,
VLAN interface basic configuration,
VLAN port-based configuration,
Ethernet interface
basic settings configuration, 3
common settings configuration, 1
configuration,
configuring management Ethernet interface,
jumbo frame support configuration, 6
link mode,
150
naming convention,
physical state change suppression, 6
splitting and combining,
Ethernet link aggregation aggregate group min/max number Selected ports,
aggregate interface (description),
44 aggregate interface configuration, 44
aggregate interface default settings, 47 aggregate interface shutdown, 47
aggregation group,
32 basic concepts, 32 configuration, 32
edge aggregate interface,
,
group configuration,
group configuration (dynamic),
group configuration (static), 41
group load sharing criteria, 48
interface configuration (expected
Layer 2 aggregate interface (ignored
Layer 2 aggregation (dynamic),
Layer 2 aggregation (static),
Layer 2 aggregation load sharing, 53
Layer 3 aggregation (dynamic),
Layer 3 aggregation (static),
Layer 3 edge aggregate interface,
load sharing configuration, 48
load sharing criteria,
member port state,
,
operational key,
static mode,
F flow control
Ethernet interface generic flow control, 7
format
LLDP frame encapsulated in Ethernet II, 124
LLDP frame encapsulated in SNAP format,
LLDP frame encapsulation format,
LLDP management address encoding format, 134
forwarding
STP forward delay timer,
frame
Ethernet interface jumbo frame support, 6
loop detection (Ethernet frame header),
loop detection (inner frame header),
loop detection interval,
MAC address learning,
MAC address table blackhole entry, 21
MAC address table configuration,
,
MAC address table entry configuration, 20
MAC address table multiport unicast entry,
MAC Information configuration, 28
port-based VLAN frame handling,
VLAN frame encapsulation,
full-duplex mode (Ethernet interface),
G generic flow control (Ethernet interface),
group
Ethernet link aggregate group min/max number
Ethernet link aggregation group,
Ethernet link aggregation group (dynamic), 42
Ethernet link aggregation group (static),
Ethernet link aggregation group configuration,
Ethernet link aggregation LACP,
151
Ethernet link aggregation load sharing, 48
Ethernet link aggregation load sharing criteria,
,
Ethernet link aggregation member port state, 32
Layer 2 Ethernet link aggregation group
(dynamic),
Layer 2 Ethernet link aggregation group
(static),
Layer 3 Ethernet link aggregation group
(dynamic),
Layer 3 Ethernet link aggregation group
(static),
H half-duplex mode (Ethernet interface),
hello
,
hybrid port
port-based VLAN assignment, 119
I ignored VLAN
Layer 2 aggregate interface, 44
implementing
MSTP device implementation,
inloopback interface
configuration, 14 displaying, 14 maintaining, 14
interface
Ethernet aggregate interface,
Ethernet aggregate interface (description),
Ethernet link aggregate interface default
Ethernet link aggregate interface shutdown,
Ethernet link aggregation edge aggregate
inloopback configuration,
Layer 2 Ethernet aggregate interface (ignored
loopback configuration,
13 , 13 null configuration, 13
interval loop detection,
MAC Information change send interval,
isolating
152
IST
J jumbo frame support (Ethernet interface),
K key
Ethernet link aggregation operational key, 33
L
LACP
Ethernet link aggregation,
LAN port isolation configuration,
reserving VLAN interface resource,
VLAN configuration,
VLAN interface basic configuration,
VLAN port-based configuration,
LAN switching
Ethernet link aggregation basic concepts,
Ethernet link aggregation configuration,
Ethernet link aggregation dynamic mode,
Ethernet link aggregation LACP,
Ethernet link aggregation load sharing,
Ethernet link aggregation load sharing criteria, 39
Ethernet link aggregation static mode,
Layer 2
Ethernet link aggregation (dynamic), 52
Ethernet link aggregation (static), 50
Ethernet link aggregation configuration,
Ethernet link aggregation group (dynamic), 42
Ethernet link aggregation group (static),
Ethernet link aggregation group load sharing
Ethernet link aggregation load sharing,
Ethernet link aggregation load sharing criteria, 39
Ethernet link aggregation local-first load
LLDP basic configuration,
LLDP trapping,
LLDP-MED trapping,
loop detection configuration, 105
,
port isolation configuration,
port isolation configuration (on LAN),
port-based VLAN access port assignment,
port-based VLAN access port assignment (in
port-based VLAN access port assignment (in
VLAN view),
port-based VLAN hybrid port assignment,
port-based VLAN trunk port assignment,
reserving VLAN interface resource, 115
VLAN basic configuration,
VLAN configuration,
VLAN interface basic configuration,
VLAN port-based configuration, 116
Layer 2 Ethernet interface
,
storm control configuration,
10 storm suppression configuration, 10
Layer 2 LAN switching
Ethernet aggregate interface,
Ethernet aggregate interface (description),
Ethernet link aggregate group min/max number
Ethernet link aggregate interface (expected
Ethernet link aggregate interface default
Ethernet link aggregate interface shutdown,
Ethernet link aggregation configuration, 32
Ethernet link aggregation edge aggregate
Ethernet link aggregation group, 40
Ethernet link aggregation group (dynamic),
Ethernet link aggregation group (static),
Layer 3
Ethernet aggregate interface,
Ethernet aggregate interface (description),
Ethernet link aggregate group min/max number
Ethernet link aggregate interface (expected
Ethernet link aggregate interface default
Ethernet link aggregate interface shutdown,
Ethernet link aggregation (dynamic), 57
Ethernet link aggregation (static), 56
Ethernet link aggregation configuration, 32
Ethernet link aggregation edge aggregate
Ethernet link aggregation group, 40
Ethernet link aggregation group (dynamic), 42
Ethernet link aggregation group (static),
LLDP basic configuration,
LLDP trapping,
LLDP-MED trapping,
port-based VLAN access port assignment,
port-based VLAN access port assignment (in interface view),
port-based VLAN access port assignment (in VLAN view),
port-based VLAN hybrid port assignment,
port-based VLAN trunk port assignment, 118
reserving VLAN interface resource,
VLAN interface basic configuration,
VLAN port-based configuration,
Layer 3 Ethernet interface configuration,
Layer 3 Ethernet subinterface
basic settings configuration, 4
learning loop detection no-learning action,
MAC address learning disable, 23
MST learning port state,
legacy
STP port path cost calculation, 86
link
aggregation. See Ethernet link aggregation
Ethernet interface link mode,
link layer discovery protocol. See
,
,
,
STP port link type configuration,
LLDP
advertisable TLV configuration, 132
agent,
basic concepts,
,
bridge mode configuration,
153
CDP compatibility configuration,
,
enable,
LLDP frame encapsulation format, 136
LLDP frame management address TLV, 128
LLDP frame transmission,
LLDPDU TLV types,
LLDPDU TLVs,
LLDP-MED trapping configuration,
management address configuration, 134
management address encoding format,
operating mode (disable),
operating mode (Rx),
,
operating mode (Tx),
,
operating mode set,
parameter set,
polling enable,
LLDP frame encapsulated in Ethernet II format,
124 encapsulated in SNAP format, 124
,
LLDP configuration,
,
LLDP parameters,
management address configuration, 134
management address encoding format,
management address TLV,
receiving,
LLDPDU
TLV basic management types,
TLV organization-specific types, 125
load sharing
Ethernet link aggregation configuration,
Ethernet link aggregation group criteria,
Ethernet link aggregation group load sharing, 39
Ethernet link aggregation local-first load
Ethernet link aggregation packet type-based load
Ethernet link aggregation per-flow load sharing,
Ethernet link aggregation per-packet load
local
Layer 2 Ethernet link aggregation configuration, 53
Ethernet link aggregation local-first load
logging loop
loop detection configuration, 105
,
,
,
,
loop detection configuration,
,
enable,
enable (global),
107 enable (port-specific), 107
interval setting,
mechanisms,
port status auto recovery, 106
protection action configuration,
protection action configuration (global),
protection action configuration (Layer 2 aggregate
protection action configuration (Layer 2 Ethernet
loopback interface configuration,
displaying, 14 maintaining, 14
M
MAC address
VLAN frame encapsulation,
MAC address table
154
address synchronization,
blackhole entry,
,
dynamic aging timer,
entry configuration,
entry creation,
entry types,
MAC address learning disable,
manual entries,
multiport unicast entry,
MAC Information change notification interval,
enable,
queue length configuration,
maintaining
MSTP,
STP,
management address
management Ethernet interface
mapping
MSTP VLAN-to-instance mapping table, 73
master port (MST),
mCheck (STP),
,
MED (LLDP-MED trapping),
MIB
,
LLDP configuration,
,
mode
Ethernet interface autonegotiation, 3
Ethernet interface full-duplex,
Ethernet interface half-duplex, 3
Ethernet interface link mode, 5
Ethernet link aggregation dynamic,
Ethernet link aggregation dynamic mode,
Ethernet link aggregation load sharing criteria, 39
Ethernet link aggregation static,
Ethernet link aggregation static mode,
LLDP customer bridge mode, 130
LLDP Rx,
,
LLDP service bridge mode,
LLDP Tx,
,
modifying
MAC address table blackhole entry, 21
MAC address table multiport unicast entry,
MST
CIST,
common root bridge,
port roles, 74 port states, 74
region,
MSTI
calculation,
MST instance,
MSTP,
, See also
basic concepts,
configuration,
,
device priority configuration,
features,
how it works,
mode set,
MSTI calculation,
No Agreement Check,
relationship to RSTP and STP,
155
root bridge device configuration, 81
secondary root bridge configuration, 80
secondary root bridge device configuration,
STP port mode configuration,
VLAN-to-instance mapping table, 73
multiport unicast entry (MAC address table),
N network
Ethernet interface basic settings configuration,
Ethernet interface common settings
Ethernet interface generic flow control,
Ethernet interface jumbo frame support
Ethernet interface link mode, 5
Ethernet interface PFC,
Ethernet interface physical state change suppression,
Ethernet interface splitting and combining,
Ethernet link aggregation configuration
Ethernet link aggregation dynamic mode,
Ethernet link aggregation edge aggregate
Ethernet link aggregation LACP, 35
Ethernet link aggregation member port
Ethernet link aggregation modes, 34
Ethernet link aggregation operational key,
Ethernet link aggregation reference port,
Ethernet link aggregation reference port
Ethernet link aggregation static mode,
inloopback interface configuration,
Layer 2 Ethernet interface configuration, 10
Layer 2 Ethernet interface storm control
Layer 2 Ethernet interface storm suppression
Layer 3 Ethernet subinterface basic settings
,
156
loop detection protection action configuration, 108
loopback interface configuration,
MAC address table address synchronization, 25
MAC address table blackhole entry, 21
MAC address table dynamic aging timer,
MAC address table entry configuration, 20
MAC address table entry types, 19
MAC address table multiport unicast entry,
null interface configuration,
port-based VLAN access port assignment,
port-based VLAN access port assignment (in interface view),
port-based VLAN access port assignment (in VLAN view),
port-based VLAN hybrid port assignment,
port-based VLAN trunk port assignment, 118
reserving VLAN interface resource,
RSTP network convergence,
STP BPDU transmission rate,
STP designated bridge,
STP edge port,
STP No Agreement Check,
STP path cost,
STP protection functions,
STP switched network diameter, 82
STP TC-BPDU transmission restriction, 98
VLAN interface basic configuration,
VLAN port-based configuration, 116
network management
Ethernet interface configuration, 1
Ethernet link aggregation
inloopback interface configuration,
interface bulk configuration,
Layer 2 Ethernet link aggregation (dynamic), 52
Layer 2 Ethernet link aggregation (static),
Layer 2 Ethernet link aggregation load sharing,
Layer 3 Ethernet link aggregation (dynamic), 57
Layer 3 Ethernet link aggregation (static),
Layer 3 Ethernet link aggregation edge
LLDP basic concepts,
,
LLDP configuration,
,
loop detection,
loop detection configuration, 107
,
loopback interface configuration,
MAC address table configuration,
,
MAC Information configuration,
,
null interface configuration, 13
port isolation configuration,
port isolation configuration (on LAN),
RSTP configuration,
,
,
,
VLAN basic configuration,
VLAN configuration,
no-learning action (loop detection),
null interface
, 14 displaying, 14 maintaining, 14
O operational key (Ethernet link aggregation),
organization-specific LLDPDU TLV types, 125
outputting
STP port state transition information,
P packet
Ethernet link aggregation packet type-based load
STP BPDU protocol packets,
STP port mode configuration, 89
STP TCN BPDU protocol packets,
parameter
per-flow load sharing,
performing
STP mCheck globally,
STP mCheck in interface view,
per-packet load sharing,
physical
Ethernet interface physical state change suppression,
polling
port
Ethernet aggregate interface,
Ethernet aggregate interface (description),
Ethernet link aggregate group min/max number
Ethernet link aggregate interface (expected
Ethernet link aggregate interface default
Ethernet link aggregate interface shutdown,
Ethernet link aggregation configuration, 32
Ethernet link aggregation configuration types,
Ethernet link aggregation dynamic mode,
Ethernet link aggregation edge aggregate
Ethernet link aggregation group (dynamic), 42
Ethernet link aggregation group (static),
Ethernet link aggregation group configuration,
Ethernet link aggregation LACP,
Ethernet link aggregation load sharing,
Ethernet link aggregation load sharing criteria, 39
Ethernet link aggregation local-first load
157
Ethernet link aggregation member port, 32
Ethernet link aggregation member port
Ethernet link aggregation modes, 34
Ethernet link aggregation operational key,
Ethernet link aggregation reference port,
Ethernet link aggregation reference port
Ethernet link aggregation static mode,
group assignment (port isolation),
Layer 2 aggregate interface (ignored
Layer 2 Ethernet link aggregation (dynamic), 52
Layer 2 Ethernet link aggregation (static),
Layer 2 Ethernet link aggregation group
(dynamic),
Layer 2 Ethernet link aggregation group
(static),
Layer 2 Ethernet link aggregation load sharing,
Layer 3 Ethernet link aggregation (dynamic), 57
Layer 3 Ethernet link aggregation (static),
Layer 3 Ethernet link aggregation edge
Layer 3 Ethernet link aggregation group
(dynamic),
Layer 3 Ethernet link aggregation group
(static),
,
LLDP configuration,
,
LLDP disable operating mode, 128
LLDP enable,
LLDP frame encapsulation format, 136
LLDP frame transmission,
LLDP operating mode,
LLDP polling,
LLDP re-initialization delay, 131
LLDP Rx operating mode,
LLDP Tx operating mode,
,
loop detection configuration, 105
,
,
,
loop detection protection action
loop detection protection actions, 106 loop detection status auto recovery, 106
MAC address learning,
MAC address table blackhole entry, 21
MAC address table configuration,
,
MAC address table entry configuration, 20
MAC address table multiport unicast entry,
MAC Information configuration, 28
MST port roles,
RSTP network convergence,
STP BPDU transmission rate,
STP edge port configuration,
STP forward delay timer,
STP mCheck (global),
STP mCheck (interface view), 91
STP path cost calculation standard,
STP path cost configuration,
,
STP port link type configuration,
STP port mode configuration, 89
STP port priority configuration, 88
STP port state transition output, 90
STP TC-BPDU transmission restriction, 98
port isolation configuration,
configuration (on LAN),
displaying, 61 port assignment to group (multiple), 61
port-based VLAN
access port assignment (in interface view), 118
access port assignment (in VLAN view),
configuration,
,
158
priority
Ethernet link aggregation LACP, 35
RSTP device priority,
STP port priority configuration, 88
priority-based flow control. Use PFC procedure
adding MAC address table blackhole entry, 21
adding MAC address table multiport unicast
assigning port to isolation group (multiple),
assigning port-based VLAN access port,
assigning port-based VLAN access port (in
assigning port-based VLAN access port (in
VLAN view),
assigning port-based VLAN hybrid port,
assigning port-based VLAN trunk port, 118
bulk configuring interfaces, 16
combining 10-GE breakout interfaces into
configuring Ethernet aggregate interface, 44
configuring Ethernet aggregate interface
configuring Ethernet interface basic settings, 3
configuring Ethernet interface common
configuring Ethernet interface generic flow
configuring Ethernet interface jumbo frame support,
configuring Ethernet interface link mode, 5
configuring Ethernet interface PFC,
configuring Ethernet interface physical state
configuring Ethernet link aggregate interface
(expected bandwidth),
configuring Ethernet link aggregation, 39
configuring Ethernet link aggregation edge
configuring Ethernet link aggregation group,
configuring Ethernet link aggregation group
(dynamic),
159 configuring Ethernet link aggregation group
configuring Ethernet link aggregation group load sharing criteria,
configuring Ethernet link aggregation load
configuring interface (inloopback), 14
configuring interface (loopback), 13
configuring interface (null),
configuring Layer 2 Ethernet interface, 10
configuring Layer 2 Ethernet interface storm control,
configuring Layer 2 Ethernet interface storm
configuring Layer 2 Ethernet link aggregation
configuring Layer 2 Ethernet link aggregation
configuring Layer 2 Ethernet link aggregation group
configuring Layer 2 Ethernet link aggregation group
configuring Layer 2 Ethernet link aggregation load
configuring Layer 3 Ethernet link aggregation
configuring Layer 3 Ethernet link aggregation
configuring Layer 3 Ethernet link aggregation edge aggregate interface,
configuring Layer 3 Ethernet link aggregation group
configuring Layer 3 Ethernet link aggregation group
configuring Layer 3 Ethernet subinterface basic
configuring LLDP advertisable TLVs, 132
,
configuring LLDP bridge mode, 130
configuring LLDP CDP compatibility,
configuring LLDP management address,
configuring LLDP management address encoding
configuring LLDP trapping,
configuring LLDP-MED trapping,
configuring loop detection,
,
configuring loop detection protection
configuring loop detection protection action
(global),
configuring loop detection protection action
(Layer 2 aggregate interface), 108
configuring loop detection protection action
(Layer 2 Ethernet interface),
configuring MAC address table, 27
configuring MAC address table dynamic aging timer,
configuring MAC address table entry, 20
configuring MAC change notification interval,
configuring MAC Information,
configuring MAC Information mode,
configuring MAC Information queue length,
configuring management Ethernet interface,
configuring MST region,
configuring MST region max hops, 82
configuring MSTP,
,
configuring MSTP device priority, 81
configuring MSTP root bridge,
configuring MSTP root bridge device,
configuring MSTP secondary root bridge,
configuring MSTP secondary root bridge
configuring port isolation (on LAN), 62
configuring RSTP,
,
configuring RSTP device priority, 81
configuring RSTP root bridge,
configuring RSTP root bridge device,
configuring RSTP secondary root bridge, 80
configuring RSTP secondary root bridge
configuring STP,
configuring STP BPDU transmission rate, 84
configuring STP device priority, 81
configuring STP Digest Snooping,
,
configuring STP No Agreement Check, 94
,
configuring STP port link type,
configuring STP port mode for MSTP packets,
configuring STP port path cost,
configuring STP port priority,
configuring STP port role restriction, 98
160
configuring STP protection functions, 96
configuring STP root bridge, 80
configuring STP root bridge device, 81
configuring STP secondary root bridge, 80
configuring STP secondary root bridge device, 81
configuring STP switched network diameter, 82
configuring STP TC-BPDU transmission
configuring STP timeout factor, 84
configuring STP timer,
configuring VLAN (port-based),
,
configuring VLAN basic settings,
configuring VLAN interface basic settings,
displaying bulk interface configuration, 17
displaying Ethernet interface,
displaying Ethernet link aggregation,
displaying LLDP,
displaying loop detection, 109
displaying MAC address table,
displaying MSTP,
displaying port isolation,
displaying RSTP, 99 displaying STP, 99
displaying VLAN,
enabling Ethernet link aggregation local-first load
enabling LLDP polling,
enabling loop detection,
enabling loop detection (global),
enabling loop detection (port-specific),
enabling MAC address synchronization globally,
enabling MAC Information,
enabling STP feature,
enabling STP loop guard,
enabling STP port state transition information output,
enabling STP root guard,
enabling STP TC-BPDU guard, 99
maintaining Ethernet interface, 12
maintaining Ethernet link aggregation, 49
maintaining MSTP,
maintaining RSTP,
maintaining STP,
modifying MAC address table blackhole
modifying MAC address table multiport unicast
performing STP mCheck,
91 performing STP mCheck globally, 91 performing STP mCheck in interface view, 91
reserving VLAN interface resource, 115
restoring Ethernet link aggregate interface
setting Ethernet link aggregate group min/max
setting LLDP frame encapsulation format, 136
setting LLDP operating mode,
setting LLDP parameters,
setting LLDP re-initialization delay,
setting loop detection interval, 109
setting RSTP mode,
shutting down Ethernet link aggregate
specifying Layer 2 aggregate interface (ignored
specifying STP port path cost calculation
splitting 40-GE interface into 10-GE breakout
splitting and combining Ethernet interface,
protecting
protocols and standards
Ethernet link aggregation protocol
MSTP,
Q queuing
MAC Information queue length, 29
R rate
STP BPDU transmission rate,
receiving
LLDP frames,
recovering loop detection port status auto recovery,
reference port (Ethernet link aggregation), 34
region
MST,
re-initialization delay (LLDP),
reserving
restoring
Ethernet link aggregate interface default
restrictions
STP Digest Snooping configuration,
STP edge port configuration,
STP port link type configuration,
STP TC-BPDU transmission restriction, 98
root
MSTP root bridge configuration, 80
MSTP secondary root bridge configuration,
RSTP root bridge configuration,
RSTP secondary root bridge configuration,
STP root bridge configuration, 80
STP secondary root bridge configuration,
161
,
,
device priority configuration,
displaying, 99 maintaining, 99
mode set,
,
root bridge device configuration, 81
secondary root bridge configuration, 80
secondary root bridge device configuration,
S selecting
Ethernet link aggregation Selected ports, 45
Ethernet link aggregation selected state, 32
Ethernet link aggregation unselected state,
service
setting
Ethernet link aggregate group min/max number
Ethernet link aggregation member port
LLDP frame encapsulation format, 136
LLDP operating mode,
LLDP parameters,
LLDP re-initialization delay, 131
shutting down
Ethernet link aggregate interface,
loop detection shutdown action,
SNAP
LLDP frame encapsulated in SNAP format,
LLDP frame encapsulation format, 136
SNMP
MAC Information configuration,
,
snooping
,
spanning tree. Use STP, RSTP, MSTP specifying
Layer 2 aggregate interface (ignored VLAN), 44
STP port path cost calculation standard, 86
state
Ethernet interface state change suppression,
Ethernet link aggregation member port state,
,
static
Ethernet link aggregation group, 41
Ethernet link aggregation mode,
Ethernet link aggregation static mode,
Layer 2 Ethernet link aggregation,
Layer 2 Ethernet link aggregation group, 41
Layer 3 Ethernet link aggregation,
storm
Layer 2 Ethernet interface storm control,
Layer 2 Ethernet interface storm suppression, 10
STP
Layer 3 Ethernet link aggregation group, 42
basic concepts,
BPDU transmission rate configuration, 84
CIST,
configuration,
,
designated bridge,
device priority configuration,
Digest Snooping,
Digest Snooping configuration restrictions, 92
edge port configuration,
85 edge port configuration restrictions, 85
loop guard enable,
mCheck, 91 mCheck (global), 91 mCheck (interface view), 91
mode set,
162
MST region,
MSTP,
MSTP CIST calculation,
MSTP device implementation,
,
port link type configuration, 88
port link type configuration restrictions,
port mode configuration,
port path cost calculation standard,
port path cost configuration, 85
,
port priority configuration, 88
port state transition output,
root bridge,
root bridge device configuration, 81
, See also
secondary root bridge configuration, 80
secondary root bridge device configuration,
switched network diameter,
TC-BPDU transmission restriction, 98
timeout factor configuration, 84
timer configuration restrictions,
timers,
VLAN-to-instance mapping table, 73
suppressing
Ethernet interface physical state change suppression,
Layer 2 Ethernet interface storm control
Layer 2 Ethernet interface storm suppression
switching
Ethernet interface configuration,
inloopback interface configuration,
,
loopback interface configuration,
MAC address table configuration,
,
null interface configuration,
port isolation configuration,
port isolation configuration (on LAN), 62
port-based VLAN access port assignment,
port-based VLAN access port assignment (in interface view),
port-based VLAN access port assignment (in VLAN view),
port-based VLAN hybrid port assignment,
port-based VLAN trunk port assignment, 118
reserving VLAN interface resource,
VLAN configuration,
VLAN interface basic configuration,
VLAN port-based configuration,
synchronizing
MAC addresses,
system
interface bulk configuration, 16
T table
,
MSTP VLAN-to-instance mapping table, 73
TC-BPDU
time
STP TC-BPDU transmission restriction, 98
Ethernet link aggregation LACP timeout interval,
timeout timer
LLDP re-initialization delay,
MAC address table dynamic aging timer,
,
TLV
LLDP advertisable TLV configuration,
LLDP frame management address TLV, 128
163
LLDP management address configuration,
LLDP management address encoding format,
LLDP parameters,
LLDPDU basic management types, 125
LLDPDU LLDP-MED types,
LLDPDU organization-specific types,
topology
STP TCN BPDU protocol packets, 64
transmitting
STP TC-BPDU transmission restriction, 98
trapping
LLDP configuration,
LLDP-MED configuration,
MAC Information configuration,
,
MAC Information mode configuration,
trunk port
port-based VLAN assignment, 118
U unicast
MAC address table configuration,
,
MAC address table multiport unicast entry, 19
V
Virtual Local Area Network. Use VLAN
VLAN basic configuration,
configuration, 112 configuring, 112
hybrid port assignment,
interface basic configuration,
Layer 2 Ethernet aggregate interface (ignored
LLDP CDP compatibility,
loop detection configuration, 105
,
,
MSTP VLAN-to-instance mapping table, 73
port isolation configuration,
port link type,
116 port-based configuration, 116
port-based VLAN access port assignment,
port-based VLAN access port assignment (in interface view),
port-based VLAN access port assignment (in VLAN view),
port-based VLAN frame handling, 117
port-based VLAN trunk port assignment, 118
reserving interface resource,
voice traffic
164
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project